feat(uldap): make StartTLS UCR configurable in more packages

Bug #57098
2025-10-26 11:17:13 +00:00 · 2024-03-05 12:11:36 +01:00 · 2024-03-05 12:11:36 +01:00 · 97d5e9318f
commit 97d5e9318f
parent 0c410c5ff2
12 changed files with 41 additions and 11 deletions
--- a/doc/errata/staging/univention-ad-connector.yaml
+++ b/doc/errata/staging/univention-ad-connector.yaml
@ -3,7 +3,7 @@ release: "5.0"
 version: [6]
 scope: ucs_5.0-0-errata5.0-6
 src: univention-ad-connector
-fix: 14.0.17-3
+fix: 14.0.17-4
 desc: |
 This update addresses the following issues:
 * Group member DNs with containing special characters
@ -11,4 +11,6 @@ desc: |
   ways. When comparing them, this has not been taken
   into consideration, leading to rejects and tracebacks
   in the log file. This has been fixed.
-bug: [57072]
+ * The StartTLS operation mode is now configurable via the UCR variable
+   `directory/manager/starttls`. This is required in a Kubernetes environment.
+bug: [57072, 57098]
--- a/doc/errata/staging/univention-pkgdb.yaml
+++ b/doc/errata/staging/univention-pkgdb.yaml
@ -3,9 +3,11 @@ release: "5.0"
 version: [6]
 scope: ucs_5.0-0-errata5.0-6
 src: univention-pkgdb
-fix: 13.0.5-1
+fix: 13.0.5-2
 desc: |
 This update addresses the following issues:
 * The dependency on `py3dns` has been replaced by `dnspython` to support
   EDNS, which is required for virtual machines on AWS-EC2 and OpenStack.
-bug: [56911]
+ * The StartTLS operation mode is now configurable via the UCR variable
+   `directory/manager/starttls`. This is required in a Kubernetes environment.
+bug: [56911, 57098]
--- a/doc/errata/staging/univention-s4-connector.yaml
+++ b/doc/errata/staging/univention-s4-connector.yaml
@ -3,7 +3,7 @@ release: "5.0"
 version: [6]
 scope: ucs_5.0-0-errata5.0-6
 src: univention-s4-connector
-fix: 14.0.16-4
+fix: 14.0.16-5
 desc: |
 This update addresses the following issues:
 * Group member DNs with containing special characters
@ -11,4 +11,6 @@ desc: |
   ways. When comparing them, this has not been taken
   into consideration, leading to rejects and tracebacks
   in the log file. This has been fixed.
-bug: [57072]
+ * The StartTLS operation mode is now configurable via the UCR variable
+   `directory/manager/starttls`. This is required in a Kubernetes environment.
+bug: [57072, 57098]
--- a/packaging/univention-directory-manager-module-example/debian/changelog
+++ b/packaging/univention-directory-manager-module-example/debian/changelog
@ -1,3 +1,9 @@
+univention-directory-manager-module-example (9.0.2-2) unstable; urgency=medium
+
+  * Bug #57098: make StartTLS configurable in univention.uldap
+
+ -- Maximilian Janßen <janssen@univention.de>  Tue, 05 Mar 2024 11:30:35 +0100
+
 univention-directory-manager-module-example (9.0.2-1) unstable; urgency=medium

  [ Philipp Hahn ]
--- a/packaging/univention-directory-manager-module-example/scripts/ip-phone-tool
+++ b/packaging/univention-directory-manager-module-example/scripts/ip-phone-tool
@ -85,7 +85,7 @@ class ipphonetool(object):

        try:
            self.lo = univention.admin.uldap.access(
-                host=ldap_master, base=self.ldap_base, binddn=binddn, bindpw=bindpw, start_tls=2,
+                host=ldap_master, base=self.ldap_base, binddn=binddn, bindpw=bindpw,
            )
        except Exception as e:
            ud.debug(ud.ADMIN, ud.WARN, 'authentication error: %s' % (e,))
--- a/services/univention-ad-connector/debian/changelog
+++ b/services/univention-ad-connector/debian/changelog
@ -1,3 +1,9 @@
+univention-ad-connector (14.0.17-4) unstable; urgency=medium
+
+  * Bug #57098: make StartTLS configurable in univention.uldap
+
+ -- Maximilian Janßen <janssen@univention.de>  Tue, 5 Mar 2024 11:30:09 +0100
+
 univention-ad-connector (14.0.17-3) unstable; urgency=medium

  * Bug #57072: Fix comparison of special DNs
--- a/services/univention-ad-connector/modules/univention/connector/init.py
+++ b/services/univention-ad-connector/modules/univention/connector/init.py
@ -539,7 +539,7 @@ class ucs(object):
        except ValueError:
            port = 7389

-        self.lo = univention.admin.uldap.access(host=host, port=port, base=self.configRegistry['ldap/base'], binddn=binddn, bindpw=bindpw, start_tls=2, follow_referral=True)
+        self.lo = univention.admin.uldap.access(host=host, port=port, base=self.configRegistry['ldap/base'], binddn=binddn, bindpw=bindpw, follow_referral=True)

    def search_ucs(self, filter='(objectClass=*)', base='', scope='sub', attr=[], unique=0, required=0, timeout=-1, sizelimit=0):
        try:
--- a/services/univention-pkgdb/debian/changelog
+++ b/services/univention-pkgdb/debian/changelog
@ -1,3 +1,9 @@
+univention-pkgdb (13.0.5-2) unstable; urgency=medium
+
+  * Bug #57098: make StartTLS configurable in univention.uldap
+
+ -- Maximilian Janßen <janssen@univention.de>  Tue, 5 Mar 2024 11:30:50 +0100
+
 univention-pkgdb (13.0.5-1) unstable; urgency=medium

  * Bug #56832: UCS 5.0-6 version bump
--- a/services/univention-pkgdb/pkgdb-watch.py
+++ b/services/univention-pkgdb/pkgdb-watch.py
@ -68,7 +68,7 @@ def ldap_reconnect() -> None:
    ud.debug(ud.LISTENER, ud.INFO, 'pkgdb-watch: ldap reconnect triggered')
    if 'ldapserver' in ldap_info and 'basedn' in ldap_info and 'binddn' in ldap_info and 'bindpw' in ldap_info:
        try:
-            ldap_info['lo'] = univention.uldap.access(host=ldap_info['ldapserver'], base=ldap_info['basedn'], binddn=ldap_info['binddn'], bindpw=ldap_info['bindpw'], start_tls=2)
+            ldap_info['lo'] = univention.uldap.access(host=ldap_info['ldapserver'], base=ldap_info['basedn'], binddn=ldap_info['binddn'], bindpw=ldap_info['bindpw'])
        except ValueError as ex:
            ud.debug(ud.LISTENER, ud.ERROR, 'pkgdb-watch: ldap reconnect failed: %s' % (ex,))
            ldap_info['lo'] = None
--- a/services/univention-s4-connector/debian/changelog
+++ b/services/univention-s4-connector/debian/changelog
@ -1,3 +1,9 @@
+univention-s4-connector (14.0.16-5) unstable; urgency=medium
+
+  * Bug #57098: make StartTLS configurable in univention.uldap
+
+ -- Maximilian Janßen <janssen@univention.de>  Tue, 05 Mar 2024 11:30:13 +0100
+
 univention-s4-connector (14.0.16-4) unstable; urgency=medium

  * Bug #57072: Fix comparison of special DNs
--- a/services/univention-s4-connector/modules/univention/s4connector/init.py
+++ b/services/univention-s4-connector/modules/univention/s4connector/init.py
@ -542,7 +542,7 @@ class ucs(object):
        except ValueError:
            port = 7389

-        self.lo = univention.admin.uldap.access(host=host, port=port, base=self.configRegistry['ldap/base'], binddn=binddn, bindpw=bindpw, start_tls=2, follow_referral=True)
+        self.lo = univention.admin.uldap.access(host=host, port=port, base=self.configRegistry['ldap/base'], binddn=binddn, bindpw=bindpw, follow_referral=True)

    def search_ucs(self, filter='(objectClass=*)', base='', scope='sub', attr=[], unique=0, required=0, timeout=-1, sizelimit=0):
        try:
--- a/services/univention-s4-connector/scripts/msgpo.py
+++ b/services/univention-s4-connector/scripts/msgpo.py
@ -63,7 +63,7 @@ def _connect_ucs(configRegistry, binddn, bindpwdfile):
        port = 7389

    try:
-        lo = univention.admin.uldap.access(host=host, port=port, base=configRegistry['ldap/base'], binddn=binddn, bindpw=bindpw, start_tls=2, follow_referral=True)
+        lo = univention.admin.uldap.access(host=host, port=port, base=configRegistry['ldap/base'], binddn=binddn, bindpw=bindpw, follow_referral=True)
    except univention.admin.uexceptions.authFail:
        print('Authentication failed')
        sys.exit(1)