Re: Bug#768509: debian-edu-config: After upgrading a Wheezy main-server to Debian 7.7 the Gosa gui fails to connect to LDAP
Thanks.
Am Samstag 08 November 2014, 12:12:43 schrieb Wolfgang Schweer:
> On Sat, Nov 08, 2014 at 01:17:27AM +0100, Wolfgang Schweer wrote:
> > Package: debian-edu-config
> > Version: 1.718
> > Severity: important
> > User: debian-edu@lists.debian.org
> > Usertags: debian-edu
> >
> > After upgrading a Debian Edu Wheezy main server to the 7.7 point release
> > and to d-e-config 1.718 the GOsa² gui fails to connect to LDAP (as
> > reported by Giorgio Pioda on the debian-edu mailing list).
> >
> > The point release included ssl and php5 related changes which might
> > cause the issue.
> >
> > Setting up a new gosa.conf file from scratch on a test server and
> > replacing ldap with ldaps in the referral URI (in gosa.conf) seems to
> > re-enable the LDAP connection.
> >
> > It should be figured out how d-e-config can cope with this problem.
>
> After investigating further it seems to be that the mechanism using
> encrypted passwords in gosa.conf is failing now.
>
> (As far as I know the random cleartext password generated during setup
> is encrypted using gosa-encrypt-passwords and a file gosa.secrets is
> generated to let apache2 cope with the encrypted passwords.)
>
> This seems to work getting an upgraded Wheezy main-server working again
> (no need to generate a new gosa.conf):
>
> (1) cat /dev/null > /etc/gosa/gosa.secrets
> (2) take the random cleartext password from gosa.conf.orig and put it
> instead of the encrypted long one into gosa.conf (actually twice:
> adminPassword and snapshotAdminPassword)
> (3) restart apache2
>
> From a security point of view it's probably more than dubious...
> Maybe gosa-encrypt-passwords has to be adjusted.
>
> Wolfgang
--
www.awidon.fi
Em@il: enter at awidon.fi
Tel: (358) 044 3244010
FYI the .asc file is a digital signature
see https://secure.wikimedia.org/wikipedia/en/wiki/GNU_Privacy_Guard for more
info.
Reply to: