[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#935080: marked as done (slapcat used in gosa hook script gosa-modify-host)

Your message dated Sat, 02 May 2020 12:18:24 +0000
with message-id <E1jUr68-0000iq-S8@fasolo.debian.org>
and subject line Bug#935080: fixed in debian-edu-config 2.11.24
has caused the Debian Bug report #935080,
regarding slapcat used in gosa hook script gosa-modify-host
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
935080: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=935080
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Package: debian-edu-config
Severity: important
Version: 2.10.67

Hi all,

the gosa-modify-host script utilizes slapcat to check LDAP for removed hosts:

```
www-data@tjener:~$ /usr/bin/sudo /usr/share/debian-edu-config/tools/gosa-modify-host && echo TRUE 
+ slapcat
+ grep dell007.intern.
+ grep -q dhcp
+ kadmin.local delprinc host/dell007.intern..intern@INTERN
delete_principal: Principal does not exist while deleting principal "host/dell007.intern..intern@INTERN" 
```

1.
The slapcat tool is an offline administration tool for LDAP and should not be used for day-to-day online tasks.
The part where it is used is about cleaning up the /etc/debian-edu/host-keytabs/ directory.
The better approach here is going over all files in that folder and doing an ldapsearch query for each host. 

2.
Furthermore, this should not be done in gosa-modify-host, but in a separate CRON job that does not inflict on the execution time of the script. 

3.
Last but not least, the loop over all slapcat'ed hosts aborts if some error occurs and thus ends in the middle of the run. 

This needs some more love, I guess.

Mike
--

DAS-NETZWERKTEAM
c\o Technik- und Ökologiezentrum Eckernförde
Mike Gabriel, Marienthaler str. 17, 24340 Eckernförde
mobile: +49 (1520) 1976 148
landline: +49 (4351) 850 8940

GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22  0782 9AF4 6B30 2577 1B31
mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de

Attachment: pgpVXjUBuvSIS.pgp
Description: Digitale PGP-Signatur


--- End Message ---
--- Begin Message --- 
Source: debian-edu-config
Source-Version: 2.11.24
Done: Holger Levsen <holger@debian.org>

We believe that the bug you reported is fixed in the latest version of
debian-edu-config, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 935080@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Holger Levsen <holger@debian.org> (supplier of updated debian-edu-config package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 02 May 2020 13:38:52 +0200
Source: debian-edu-config
Architecture: source
Version: 2.11.24
Distribution: unstable
Urgency: medium
Maintainer: Debian Edu Developers <debian-edu@lists.debian.org>
Changed-By: Holger Levsen <holger@debian.org>
Closes: 935080
Changes:
 debian-edu-config (2.11.24) unstable; urgency=medium
 .
   [ Mike Gabriel ]
   * share/debian-edu-config/tools/clean-up-host-keytabs: Add script.
     Move host keytabs cleanup code out of gosa-modify-host into a standalone
     script, but still call it from there (for now). Major script improvement:
     Reduce LDAP calls to a single ldapsearch query which greatly improves the
     execution speed of the code. (Closes: #935080).
Checksums-Sha1:
 2ddb1a2284ebbe6d04e4ab0a6b67c26b6c6e9149 1923 debian-edu-config_2.11.24.dsc
 079509f5671aee199d2f21e0babb4b07239db3c3 344148 debian-edu-config_2.11.24.tar.xz
 1533b50774922019a7a429ad02730d4bf324cb7c 5325 debian-edu-config_2.11.24_source.buildinfo
Checksums-Sha256:
 192a6cb85e0e95da9e42c7f67e8ddb3c3d9a1a2e9bac59f17f42449430cc3612 1923 debian-edu-config_2.11.24.dsc
 98a8921ee77ab1f07958bc5286630a58b4bc3424b8010bcc442c2a74ec5149f6 344148 debian-edu-config_2.11.24.tar.xz
 ad1dbcd46f1aff0fecf4f883adb57fc3be1cb4718c9397f0119a71369b0191b1 5325 debian-edu-config_2.11.24_source.buildinfo
Files:
 13ad7081aaaa3c5fbbe34f11ec9da9b3 1923 misc optional debian-edu-config_2.11.24.dsc
 7c893c0da037e1136578564554931e02 344148 misc optional debian-edu-config_2.11.24.tar.xz
 98d3f5b347708b70157de1e424f9fedd 5325 misc optional debian-edu-config_2.11.24_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEuL9UE3sJ01zwJv6dCRq4VgaaqhwFAl6tYBgACgkQCRq4Vgaa
qhztsw/+I+3OP4YoOE1ucGxt0wuh0vlfNBQVD7VUSYftp63vuTBYBehV+2Q6A21A
TWpP/+t5zRC4eGDNMDTxK4EVedfydurKJRzP5MNDTbRuowGNKPjju9mCmm23F92Y
FvAhy7J7saU2cD0CF+sadRvBdX2DQDc6Sy6zaUEfJMWmeLfUenSRNsF4OfSv1zaT
Up2rVDxjpy8tonFjrEC1pfHnWxo7jPG590q1/6XwHzwC/m5vRHuVO/rs39u93/Fi
iDCuuSAbwW90/WoJovd2DGny9aYG40J5Ol9iNlmi5cFm93jOQFEQSdGaKof6004/
lcoMlye1f02mOhJhLm4pGZa14r8Dl+bmwfTSEOhaylGZlEPuyx7D9RCk3cslIZOj
tW9b1IBSWxcQQCylH3JYpNQ/VBdN/EZ6pKPXXc3RtPMiIfZnMcGPvt9SdLUhs9gr
p9bCtbPtIuhSSrobTyXcjl2HTtiSkpa9/vtmgOuT1Yf9qX5h0RVU4BUBfMHjeas/
F/paknUn28GJlHH4Rf0YLtBMg83pz+TnJ/ma7k/e4TK8OvRi4DXBVjKKcseO/hMW
oU/uHst80amkivoZBAqOjFGVvUpcAmhXTFOhjBaoSj5i8iM4kJYQ3wDsIuOa+hwY
bEiDrVt/jp5z8WMcQir7ODZOs5ilU2KMKMtxU+OwdR3rv3sPej0=
=WW2R
-----END PGP SIGNATURE-----

--- End Message ---
Reply to: