Bug#768509: debian-edu-config: After upgrading a Wheezy main-server to Debian 7.7 the Gosa gui fails to connect to LDAP

Sun Nov 9 21:08:20 UTC 2014

Hi Holger, Wolfgang, others,

On  Sa 08 Nov 2014 11:36:42 CET, Holger Levsen wrote:

> control: severity -1 serious
> control: notfound -1 1.813
>
> Hi,
>
> Wolfgang, thanks for filing this bug! It was useful already, from reading the
> mails to quickly I thought this bug affected our jessie version..! (and not
> the stable wheezy release as it's now clear.)
>
> Leaving lots of context for the gosa maintainers...:
>
> On Samstag, 8. November 2014, Wolfgang Schweer wrote:
>> > After upgrading a Debian Edu Wheezy main server to the 7.7 point release
>> > and to d-e-config 1.718 the GOsa² gui fails to connect to LDAP (as
>> > reported by Giorgio Pioda on the debian-edu mailing list).
>> >
>> > The point release included ssl and php5 related changes which might
>> > cause the issue.
>> After investigating further it seems to be that the mechanism using
>> encrypted passwords in gosa.conf is failing now.
>>
>> (As far as I know the random cleartext password generated during setup
>> is encrypted using gosa-encrypt-passwords and a file gosa.secrets is
>> generated to let apache2 cope with the encrypted passwords.)
>>
>> This seems to work getting an upgraded Wheezy main-server working again
>> (no need to generate a new gosa.conf):
>>
>> (1) cat /dev/null > /etc/gosa/gosa.secrets
>> (2) take the random cleartext password from gosa.conf.orig and put it
>>     instead of the encrypted long one into gosa.conf (actually twice:
>>     adminPassword and snapshotAdminPassword)
>> (3) restart apache2
>>
>> From a security point of view it's probably more than dubious...
>> Maybe gosa-encrypt-passwords has to be adjusted.
>
> Comments?
>
>
> cheers,
> 	Holger

while getting GOsa² proper for Debian jessie, we closed these two bugs

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=753419
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=748065

Maybe any of those is related?

Also, there was an upload of php5 to wheezy-security on Oct 18th,  
maybe that one is related.

Mike

-- 

DAS-NETZWERKTEAM
mike gabriel, herweg 7, 24357 fleckeby
fon: +49 (1520) 1976 148

GnuPG Key ID 0x25771B31
mail: mike.gabriel at das-netzwerkteam.de, http://das-netzwerkteam.de

freeBusy:
https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: Digitale PGP-Signatur
URL: <http://lists.alioth.debian.org/pipermail/debian-edu-pkg-team/attachments/20141109/9ecfb4ee/attachment.sig>