Ticket #3446 (closed defect: fixed)

Opened 19 months ago

Last modified 19 months ago

users and groups installation unsuccessful

Reported by: a.fleming@…
Owned by: cperez@…
Milestone:
Component: users
Severity: normal
Keywords:
Cc:

Description

After installing all modules step by step I encounter issues with users and groups.

We have an AD that we want to slave from. The (zentyal)LDAP-machine that slaves from there is working properly.

Next we have a zentyal server designated for handling mail.

Schematic:

[ SBS 2k3 AD ] -- [Zentyal LDAP server ]
 (172.16.10.1)          |  (172.16.10.15)
                        |
                        |--[Zentyal mailserver] *(this is the one we're talking about)
                        |  (172.16.10.16)
                        |
                        |--[other machines that use the LDAP server for auth.]

This mail server should be a slave of the zentyal LDAP machine. I cannot slave 10.16 to the LDAP 10.15. Other machines (Ubuntu client machine with zentyal-desktop package) can authenticate successfully against the LDAP server 10.15. This tells me that my AD-slave 10.15 is configured correctly, and my mailserver 10.16 is _not_.

The error.log of the mailserver on 10.16 says:

==> /var/log/zentyal/error.log <==
	EBox::CGI::ServiceModule::ConfigureModuleController::_process(\'EBox::CGI::ServiceModule::ConfigureModuleController=HASH(0x7f...\') called at /usr/share/perl5/EBox/CGI/Base.pm line 275
	EBox::CGI::Base::run(\'EBox::CGI::ServiceModule::ConfigureModuleController=HASH(0x7f...\') called at /usr/share/perl5/EBox/CGI/Run.pm line 129
	EBox::CGI::Run::run(\'EBox::CGI::Run\', \'ServiceModule/ConfigureModuleController\', \'EBox\') called at /usr/share/zentyal/cgi/ebox.cgi line 34
	ModPerl::ROOT::ModPerl::Registry::usr_share_zentyal_cgi_ebox_2ecgi::handler(\'Apache2::RequestRec=SCALAR(0x7f7dbe0ea878)\') called at /usr/lib/perl5/ModPerl/RegistryCooker.pm line 204
	eval {...} called at /usr/lib/perl5/ModPerl/RegistryCooker.pm line 204
	ModPerl::RegistryCooker::run(\'ModPerl::Registry=HASH(0x7f7dbeb85b58)\') called at /usr/lib/perl5/ModPerl/RegistryCooker.pm line 170
	ModPerl::RegistryCooker::default_handler(\'ModPerl::Registry=HASH(0x7f7dbeb85b58)\') called at /usr/lib/perl5/ModPerl/Registry.pm line 31
	ModPerl::Registry::handler(\'ModPerl::Registry\', \'Apache2::RequestRec=SCALAR(0x7f7dbe0ea878)\') called at -e line 0
	eval {...} called at -e line 0
',
                 '-file' => '/usr/share/perl5/EBox/CGI/ServiceModule/ConfigureModuleController.pm',
                 '-text' => 'Failed to enable: Couldn\'t bind to LDAP server, result code: 49',
                 '-line' => 74,
                 '-package' => 'EBox::CGI::ServiceModule::ConfigureModuleController',
                 'silent' => 0
               }, 'EBox::Exceptions::Internal' );
[Fri Nov 04 13:50:52 2011] [error] Unmatched ( in regex; marked by <-- HERE in m/{{ Failed to enable: Couldn't bind to LDAP server, result code: 49 at /usr/share/perl5/EBox/CGI/ServiceModule/ConfigureModuleController.pm line 74\n\tEBox::CGI::ServiceModule::ConfigureModuleController::_process('EBox::CGI::ServiceModule::ConfigureModuleController=HASH(0x7f...') called at /usr/share/perl5/EBox/CGI/Base.pm line 275\n\tEBox::CGI::Base::run( <-- HERE 'EBox::CGI::ServiceModule::ConfigureModuleController=HASH(0x7f...') called at /usr/share/perl5/EBox/CGI/Run.pm line 129\n\tEBox::CGI::Run::run('EBox::CGI::Run', 'ServiceModule/ConfigureModuleController', 'EBox') called at /usr/share/zentyal/cgi/ebox.cgi line 34\n\tModPerl::ROOT::ModPerl::Registry::usr_share_zentyal_cgi_ebox_2ecgi::handler('Apache2::RequestRec=SCALAR(0x7f7dbe0ea878)') called at /usr/lib/perl5/ModPerl/RegistryCooker.pm line 204\n\teval {...} called at /usr/lib/perl5/ModPerl/RegistryCooker.pm line 204\n\tModPerl::RegistryCooker::run('ModPerl::Registry=HASH(0x7f7dbeb85b58)') called at /usr/lib/perl5/ModPerl/RegistryCooker.pm line 170\n\tModPerl::RegistryCooker::default_handler('ModPerl::Registry=HASH(0x7f7dbeb85b58)') called at /usr/lib/perl5/ModPerl/Registry.pm line 31\n\tModPerl::Registry::handler('ModPerl::Registry', 'Apache2::RequestRec=SCALAR(0x7f7dbe0ea878)') called at -e line 0\n\teval {...} called at -e line 0\n }}/ at /usr/share/zentyal/cgi/ebox.cgi line 117.\n

I tried to reinstall users and groups on the faulty mailserver with:

/usr/share/zentyal-users/reinstall 

This effectively clears settings and reinstalls the users and groups module. But still, it doesn't work.

Any clues?

Arno

Change History

comment:1 Changed 19 months ago by a.fleming@…

It could be that I didn't read the wiki article. It tells me to remove apparmor, because "We need to remove this package because the security profiles that it loads are incompatible with our LDAP configuration."

Too bad.

I'm trying my luck again...

And probably file a bug report to set apparmor in complain mode for this module (and submodules), so that the wealth of security of apparmor isn't lost because of me wanting to use LDAP.

comment:2 Changed 19 months ago by a.fleming@…

That is exactly it. Time to file a bug report for apparmor, and maybe even try to commit a working profile!
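
An added example, not part of the ticket or of Zentyal's code: a small parser for AppArmor audit lines that counts what a profile blocked and renders the accesses as candidate file rules, which is the evidence needed for the complain-mode and working-profile route mentioned above. The profile name /usr/sbin/slapd and every log line are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
# Constructed, abbreviated sample in the kernel audit format AppArmor logs;
# profile name, paths and PIDs are assumptions, not values from the ticket.
_EV = ('Nov  4 13:50:5{0} mail kernel: type=1400 audit(132041105{0}.0:{0}): '
       'apparmor="{1}" operation="{2}" profile="{3}" name="{4}" pid=2211 '
       'requested_mask="{5}" denied_mask="{5}" fsuid=0 ouid=0')
_ROWS = [
    ('DENIED', 'open', '/usr/sbin/slapd', '/example/ldap/DB_CONFIG', 'r'),
    ('DENIED', 'mknod', '/usr/sbin/slapd', '/example/ldap/sync.lock', 'wc'),
    # Logged after the profile was switched to complain mode:
    ('ALLOWED', 'file_lock', '/usr/sbin/slapd', '/example/ldap/sync.lock', 'k'),
    ('DENIED', 'open', '/usr/sbin/ntpd', '/example/ntp/drift', 'r'),
]
SAMPLE_LOG = '\n'.join(
    [_EV.format(i, *row) for i, row in enumerate(_ROWS, 1)]
    + ['Nov  4 13:50:59 mail cron[99]: unrelated line'])

KV = re.compile(r'(\w+)=("([^"]*)"|\S+)')
RULE_PERM = {'c': 'w', 'd': 'w'}  # log-only create/delete fold into write
PERM_ORDER = 'rwaklmx'

def parse_event(line):
    """Return the key=value fields of an AppArmor audit line, else None."""
    if 'apparmor="' not in line:
        return None
    return {key: (quoted if raw.startswith('"') else raw)
            for key, raw, quoted in KV.findall(line)}

def summarize(log_text, profile):
    """Count verdicts for one profile and collect the access each path needed."""
    verdicts, needed = defaultdict(int), defaultdict(set)
    for line in log_text.splitlines():
        ev = parse_event(line)
        if not ev or ev.get('profile') != profile:
            continue
        verdicts[ev['apparmor']] += 1
        if 'name' in ev:
            needed[ev['name']].update(
                RULE_PERM.get(c, c) for c in ev.get('denied_mask', ''))
    return dict(verdicts), dict(needed)

def candidate_rules(needed):
    """Render one file rule per path, for review before editing a profile."""
    return ['%s %s,' % (path, ''.join(sorted(perms, key=PERM_ORDER.find)))
            for path, perms in sorted(needed.items())]

if __name__ == '__main__':
    verdicts, needed = summarize(SAMPLE_LOG, '/usr/sbin/slapd')
    print(verdicts, candidate_rules(needed))
```
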

comment:3 Changed 19 months ago by cperez@…

  • Status changed from new to closed
  • Resolution set to fixed

(In [23597]) NN: Also disable apparmor in ad-sync mode (closes #3446)

comment:4 Changed 19 months ago by cperez@…

Hi,

Many thanks for the report and also for pointing out the root of the problem.

Best regards
