On Sat, Nov 08, 2014 at 01:17:27AM +0100, Wolfgang Schweer wrote: > Package: debian-edu-config > Version: 1.718 > Severity: important > User: debian-edu@lists.debian.org > Usertags: debian-edu > > After upgrading a Debian Edu Wheezy main server to the 7.7 point release > and to d-e-config 1.718 the GOsa² gui fails to connect to LDAP (as > reported by Giorgio Pioda on the debian-edu mailing list). > > The point release included ssl and php5 related changes which might > cause the issue. > > Setting up a new gosa.conf file from scratch on a test server and > replacing ldap with ldaps in the referral URI (in gosa.conf) seems to > re-enable the LDAP connection. > > It should be figured out how d-e-config can cope with this problem. After investigating further it seems to be that the mechanism using encrypted passwords in gosa.conf is failing now. (As far as I know the random cleartext password generated during setup is encrypted using gosa-encrypt-passwords and a file gosa.secrets is generated to let apache2 cope with the encrypted passwords.) This seems to work getting an upgraded Wheezy main-server working again (no need to generate a new gosa.conf): (1) cat /dev/null > /etc/gosa/gosa.secrets (2) take the random cleartext password from gosa.conf.orig and put it instead of the encrypted long one into gosa.conf (actually twice: adminPassword and snapshotAdminPassword) (3) restart apache2 From a security point of view it's probably more than dubious... Maybe gosa-encrypt-passwords has to be adjusted. Wolfgang
Attachment:
signature.asc
Description: Digital signature