Thanks. Am Samstag 08 November 2014, 12:12:43 schrieb Wolfgang Schweer: > On Sat, Nov 08, 2014 at 01:17:27AM +0100, Wolfgang Schweer wrote: > > Package: debian-edu-config > > Version: 1.718 > > Severity: important > > User: [email protected] > > Usertags: debian-edu > > > > After upgrading a Debian Edu Wheezy main server to the 7.7 point release > > and to d-e-config 1.718 the GOsa² gui fails to connect to LDAP (as > > reported by Giorgio Pioda on the debian-edu mailing list). > > > > The point release included ssl and php5 related changes which might > > cause the issue. > > > > Setting up a new gosa.conf file from scratch on a test server and > > replacing ldap with ldaps in the referral URI (in gosa.conf) seems to > > re-enable the LDAP connection. > > > > It should be figured out how d-e-config can cope with this problem. > > After investigating further it seems to be that the mechanism using > encrypted passwords in gosa.conf is failing now. > > (As far as I know the random cleartext password generated during setup > is encrypted using gosa-encrypt-passwords and a file gosa.secrets is > generated to let apache2 cope with the encrypted passwords.) > > This seems to work getting an upgraded Wheezy main-server working again > (no need to generate a new gosa.conf): > > (1) cat /dev/null > /etc/gosa/gosa.secrets > (2) take the random cleartext password from gosa.conf.orig and put it > instead of the encrypted long one into gosa.conf (actually twice: > adminPassword and snapshotAdminPassword) > (3) restart apache2 > > From a security point of view it's probably more than dubious... > Maybe gosa-encrypt-passwords has to be adjusted. > > Wolfgang
-- www.awidon.fi Em@il: enter at awidon.fi Tel: (358) 044 3244010 FYI the .asc file is a digital signature see https://secure.wikimedia.org/wikipedia/en/wiki/GNU_Privacy_Guard for more info. -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: https://lists.debian.org/[email protected]
