[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#886749: marked as done (Password Sync to Kerberos fails for user DNs that have a blank in the DN)



Your message dated Sat, 13 Jan 2018 01:50:00 +0000
with message-id <E1eaAxM-000EQq-MI@fasolo.debian.org>
and subject line Bug#886749: fixed in debian-edu-config 1.945
has caused the Debian Bug report #886749,
regarding Password Sync to Kerberos fails for user DNs that have a blank in the DN
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
886749: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=886749
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: debian-edu-config
Version: 1.944

We experienced an issue where the password sync from GOsa (via gosa-sync hook script) to Kerberos on a stretch TJENER fails for user DNs that have a blank in the DN.

Here we have DN OUs containing blanks, unfortunately.

The patch needs to be applied in our gosa.conf template (typical case of underquoting, see '%dn' bits):

```
diff --git a/etc/gosa/gosa.conf b/etc/gosa/gosa.conf
index 7c3a7df1..ba624d71 100644
--- a/etc/gosa/gosa.conf
+++ b/etc/gosa/gosa.conf
@@ -76,9 +76,9 @@
   <pathMenu>
<plugin acl="users/netatalk:self,users/environment:self,users/posixAccount:self,users/kolabAccount:self,users/phpscheduleitAccount:self,users/oxchangeAccount:self,users/proxyAccount:self,users/connectivity:self,users/pureftpdAccount:self,users/phpgwAccount:self,users/opengwAccount:self,users/pptpAccount:self,users/intranetAccount:self, users/webdavAccount:self,users/nagiosAccount:self,users/sambaAccount:self,users/mailAccount:self,users/groupware, users/user:self,users/scalixAccount:self,users/gofaxAccount:self,users/phoneAccount:self,users/Groupware:self" class="MyAccount" />
       <plugin acl="users/password:self" class="password"
- postmodify="USERPASSWORD=%new_password /usr/bin/sudo /usr/share/debian-edu-config/tools/gosa-sync %dn" - postlock="/usr/bin/sudo /usr/share/debian-edu-config/tools/gosa-lock-user %dn" - postunlock="/usr/bin/sudo /usr/share/debian-edu-config/tools/gosa-unlock-user %dn" /> + postmodify="USERPASSWORD=%new_password /usr/bin/sudo /usr/share/debian-edu-config/tools/gosa-sync '%dn'" + postlock="/usr/bin/sudo /usr/share/debian-edu-config/tools/gosa-lock-user '%dn'" + postunlock="/usr/bin/sudo /usr/share/debian-edu-config/tools/gosa-unlock-user '%dn'" />
   </pathMenu>

```


Mike
--

DAS-NETZWERKTEAM
mike gabriel, herweg 7, 24357 fleckeby
mobile: +49 (1520) 1976 148
landline: +49 (4354) 8390 139

GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22  0782 9AF4 6B30 2577 1B31
mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de

Attachment: pgpy97q2sOZmb.pgp
Description: Digitale PGP-Signatur


--- End Message ---
--- Begin Message ---
Source: debian-edu-config
Source-Version: 1.945

We believe that the bug you reported is fixed in the latest version of
debian-edu-config, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 886749@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Holger Levsen <holger@debian.org> (supplier of updated debian-edu-config package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 13 Jan 2018 02:36:47 +0100
Source: debian-edu-config
Binary: debian-edu-config
Architecture: source
Version: 1.945
Distribution: unstable
Urgency: medium
Maintainer: Debian Edu Developers <debian-edu@lists.debian.org>
Changed-By: Holger Levsen <holger@debian.org>
Description:
 debian-edu-config - Configuration files for Skolelinux systems
Closes: 886749
Changes:
 debian-edu-config (1.945) unstable; urgency=medium
 .
   [ Mike Gabriel ]
   * etc/gosa/gosa.conf: Properly single-quote '%dn' in password hook scripts.
     This fixes failing password syncs / locks / unlocks if user DNs have
     blanks in the DN string. (Closes: #886749).
   * etc/gosa/gosa.conf: Support pwreset plugin and schoolmanager plugin by
     default.
 .
   [ Wolfgang Schweer ]
   * Properly remove cfengine2 related files upon upgrades.
     - Drop conffile remove statements from debian/debian-edu-config.maintscript
       (wildcards don't make sense).
     - Add removal code to debian/debian-edu-config.postinst.
   * Use apache2-maintscript-helper for apache2 mod debian-edu-userdir in
     debian/debian-edu-config.postinst, avoiding two lintian warnings.
   * Adjust debian/debian-edu-config.lintian-overrides.
Checksums-Sha1:
 daf347ac752b20425a39ee6ed9c91bb679dc00a4 1852 debian-edu-config_1.945.dsc
 295926d20851175187a1606ea764bdbb39a64517 383620 debian-edu-config_1.945.tar.xz
 9ce8ae51504357aa0abbb82a5c2f560b75688897 5178 debian-edu-config_1.945_source.buildinfo
Checksums-Sha256:
 fe09c9e5c5046035cdf2a3fcde51c46eacba9f81434968867b71f541314d7f82 1852 debian-edu-config_1.945.dsc
 17c45a610abb3ddbfefb8f6dda3adca1a41c8c505a2966b515891fa7c0ca94fa 383620 debian-edu-config_1.945.tar.xz
 2278152f14d7f8f9cdfa47636e5b2f9bad5cf9fc2da79fdf364d68cb10e06871 5178 debian-edu-config_1.945_source.buildinfo
Files:
 7cf2b3f81e0be6fae5eb316bc6ea2f19 1852 misc optional debian-edu-config_1.945.dsc
 6ad0801a33d9aaffa15529fcac8560e6 383620 misc optional debian-edu-config_1.945.tar.xz
 d3748ff8069a1a41cd5354c00b6adaf2 5178 misc optional debian-edu-config_1.945_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEuL9UE3sJ01zwJv6dCRq4VgaaqhwFAlpZYyEACgkQCRq4Vgaa
qhzSfA/+IrZreBRb59OiY2CsU+71jRn52Pk3zT1NgoU7c5ck+7cgwIcIg7qmNcDV
MQFwPNF52Y6wKUNhSvNZ6wo8p4Lpxwb65efFcVkFhubRLOAUn8LtY5kR6s8V8krm
pxA6MbPCkXCX3B28Vlgeb4LwKxTvC/WQ6HtbpvS+uJIxKwjoSuKaR57OxJVXnThw
1SWtcFOKT9rCuziyRxoEg05ME/QNVvojD44/Veb4lOZ9mYtGhsMHNWmP+h0yjvAu
4kZM/XStKHcmUotq8h33gStOzMFOnIqDVZfPhJ/+Qy2LIByvCD7o91YzAqarSbZj
vJp+Awf2JU/ZrIqVS4pnxnRIYubWAeiyS07iF/nYkN4tHHzT1QDxk0m0q7hlqnXC
AAcTSFeyh5bxINofS4NMBxBTOgmKJ3SI1RmCiMqizDx9pLyF6QRI9QWf/EDY0NUX
osuh/RpaORiGR9xnwKRhdXRxsOMPs9tiE8z2GM+R5JRXpaD9A/aolVAinOyTt3qI
3++HF7MipHzwOsHoDb6H7846W6BTFwd/+KeE+HE0r/9JXTuimNRa8GVFzKkYOC7d
B8UpnHDM3R8zUHYh1+4foEinCttSLqb0IgjZccPn/n8bE5NjvvhBxm/TFX2lpgZ4
S6BRIBEVrwnlruKtFF+Q92xMtNLN8lnS8GeS/uWYfNZK+wchtqw=
=ghq2
-----END PGP SIGNATURE-----

--- End Message ---

Reply to: