Bug #2785
closedIf password in slapd.conf and rudder-web.properties don't match, upgrade script fails
Description
We use the LDAP password from rudder-web.properties to contact the LDAP server in the /opt/rudder/bin/rudder-upgrade script.
If that password is not ok for whatever reason, the upgrade scrip will fail, and the depending upgrade to.
I don't know what to thing exactly about that one: the passwords should be the same, but I would prefer to be sure to have a working upgrade (looking for the password in slad.conf).
On the other hand, perhaps slapd.conf won't be here - but is it really a case what we handle today ?
Updated by Nicolas PERRON over 12 years ago
- Status changed from 8 to Pending technical review
- % Done changed from 0 to 100
Applied in changeset commit:5a1b416aabd998b4551146847a04db600eef67c9.
Updated by Michael Gliwinski over 12 years ago
Do you know what sets the password in slapd.conf?
The reason I'm asking is that the first time I tried to upgrade from beta2 to beta3, postinst failed because the password in slapd.conf was hashed (e.g. {SSHA}....
). I hand-edited the file and put a plaintext password there, and it went through (at least a bit further).
Updated by Nicolas PERRON over 12 years ago
Michael Gliwinski wrote:
Do you know what sets the password in slapd.conf?
The reason I'm asking is that the first time I tried to upgrade from beta2 to beta3, postinst failed because the password in slapd.conf was hashed (e.g.
{SSHA}....
). I hand-edited the file and put a plaintext password there, and it went through (at least a bit further).
This is CFengine which have a reference file : /opt/rudder/etc/rudder-passwords.conf . You only have to set your passwords here.
Updated by Michael Gliwinski over 12 years ago
Nicolas PERRON wrote:
Michael Gliwinski wrote:
Do you know what sets the password in slapd.conf?
The reason I'm asking is that the first time I tried to upgrade from beta2 to beta3, postinst failed because the password in slapd.conf was hashed (e.g.
{SSHA}....
). I hand-edited the file and put a plaintext password there, and it went through (at least a bit further).This is CFengine which have a reference file : /opt/rudder/etc/rudder-passwords.conf . You only have to set your passwords here.
OK, I seem to be hitting some dependency issues in debian packages. The file /opt/rudder/etc/rudder-passwords.conf doesn't exist (there is one with .dpkg-new suffix though) because configuration of rudder-server-root fails because rudder-webapp is not configured, but rudder-webapp postinst (configuration) fails because the cfe policy (distributePolicy/1.0/passwordCheck.cf) couldn't read rudder-passwords.conf and left the $(p.psql_password[2])
variable unexpanded in /root/.pgpass and /opt/rudder/etc/openldap/slapd.conf. This could be a separate bug though, should I open a new one?
Updated by Nicolas PERRON over 12 years ago
Michael Gliwinski wrote:
Nicolas PERRON wrote:
Michael Gliwinski wrote:
Do you know what sets the password in slapd.conf?
The reason I'm asking is that the first time I tried to upgrade from beta2 to beta3, postinst failed because the password in slapd.conf was hashed (e.g.
{SSHA}....
). I hand-edited the file and put a plaintext password there, and it went through (at least a bit further).This is CFengine which have a reference file : /opt/rudder/etc/rudder-passwords.conf . You only have to set your passwords here.
OK, I seem to be hitting some dependency issues in debian packages. The file /opt/rudder/etc/rudder-passwords.conf doesn't exist (there is one with .dpkg-new suffix though) because configuration of rudder-server-root fails because rudder-webapp is not configured, but rudder-webapp postinst (configuration) fails because the cfe policy (distributePolicy/1.0/passwordCheck.cf) couldn't read rudder-passwords.conf and left the
$(p.psql_password[2])
variable unexpanded in /root/.pgpass and /opt/rudder/etc/openldap/slapd.conf. This could be a separate bug though, should I open a new one?
The problem you describe seem to be related to the #2785 but I'm not sure. Could you open a new ticket for it, please ? I will try to reproduce it.
Thank you and sorry for the late answer !
Updated by Jonathan CLARKE over 12 years ago
- Status changed from Pending technical review to Released
This fix looks OK, although #2821 has changed it since.
Michael, did you open a bug about the issue you were encountering? Please shout if not!
Updated by Michael Gliwinski about 12 years ago
Jonathan CLARKE wrote:
Michael, did you open a bug about the issue you were encountering? Please shout if not!
No, I didn't, but I also couldn't reproduce it, I think the change to use passwords from rudder-passwords.conf fixed it. Thanks!
Updated by Jonathan CLARKE about 12 years ago
Michael Gliwinski wrote:
Jonathan CLARKE wrote:
Michael, did you open a bug about the issue you were encountering? Please shout if not!
No, I didn't, but I also couldn't reproduce it, I think the change to use passwords from rudder-passwords.conf fixed it. Thanks!
Cool, that's perfect. Thanks for confirming!
Updated by Nicolas PERRON almost 12 years ago
- Project changed from Rudder to 34
- Category deleted (
11)
Updated by Benoît PECCATTE almost 10 years ago
- Project changed from 34 to Rudder
- Category set to Packaging