[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#768509: debian-edu-config: After upgrading a Wheezy main-server to Debian 7.7 the Gosa gui fails to connect to LDAP

Hi Holger, Wolfgang, others,

On  Sa 08 Nov 2014 11:36:42 CET, Holger Levsen wrote:


control: severity -1 serious
control: notfound -1 1.813

Hi,

Wolfgang, thanks for filing this bug! It was useful already, from reading the
mails to quickly I thought this bug affected our jessie version..! (and not
the stable wheezy release as it's now clear.)

Leaving lots of context for the gosa maintainers...:

On Samstag, 8. November 2014, Wolfgang Schweer wrote:

> After upgrading a Debian Edu Wheezy main server to the 7.7 point release
> and to d-e-config 1.718 the GOsa² gui fails to connect to LDAP (as
> reported by Giorgio Pioda on the debian-edu mailing list).
>
> The point release included ssl and php5 related changes which might
> cause the issue.
After investigating further it seems to be that the mechanism using
encrypted passwords in gosa.conf is failing now.

(As far as I know the random cleartext password generated during setup
is encrypted using gosa-encrypt-passwords and a file gosa.secrets is
generated to let apache2 cope with the encrypted passwords.)

This seems to work getting an upgraded Wheezy main-server working again
(no need to generate a new gosa.conf):

(1) cat /dev/null > /etc/gosa/gosa.secrets
(2) take the random cleartext password from gosa.conf.orig and put it
    instead of the encrypted long one into gosa.conf (actually twice:
    adminPassword and snapshotAdminPassword)
(3) restart apache2

From a security point of view it's probably more than dubious...
Maybe gosa-encrypt-passwords has to be adjusted.


Comments?


cheers,
	Holger


while getting GOsa² proper for Debian jessie, we closed these two bugs

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=753419
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=748065

Maybe any of those is related?
Also, there was an upload of php5 to wheezy-security on Oct 18th, maybe that one is related. 

Mike



--

DAS-NETZWERKTEAM
mike gabriel, herweg 7, 24357 fleckeby
fon: +49 (1520) 1976 148

GnuPG Key ID 0x25771B31
mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de

freeBusy:
https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb

Attachment: pgpeETbrRJHgT.pgp
Description: Digitale PGP-Signatur

Reply to: