Backing up UCS 4.4, everything working except portal edition: invalid DN syntax, urgent!

UCS - Univention Corporate Server
#1

Hi,
I’m running UCS 4.4 with owncloud in a vmware machine, I recently set it up and added my users and they already changed their passwords etc. Everything was fine, until an critical situation happened: power outage.
The server on which the virtual machine is running was shutdown because of the power outage, after that the MariaDB database went corrupt and I couldn’t even start the service (I’m also using syspass on this machine).
I finally got to recover the database itself by starting up the database in innodb recovery mode, dumped the databases and uninstalled the system packages corresponding to mysql: mariadb-server-10.1, mysql-common, mariadb-common, univention-mysql, univention-mariadb and then installed with univention-install univention-mysql

The database was ok, sysPass started working again, however the UCS itself went bad. I couldn’t access the portal (path not found) nor the app-center (it was unavailable, like it wasn’t even installed or some packages went missing).

I had a backup of the entire virtual machine, but from before the time my users were registered & their passwords changed, even before sysPass was installed (silly me).
The machines were identical, although the backup one was just older. I decided to use the backup machine to bring back the data from old machine, so everything would work again. And it worked, kinda.
I used this tutorial: https://wiki.univention.de/index.php/Cool_Solution_-_Single_Server_Backup_and_Restore

I did everything exactly as noted there, except the samba steps as I’m not using it and don’t even have it installed. All the secret files in /etc were restored from the older machine (I saw that machine.secret was different, others were the same I think).
I ran all the commands, everything went fine. And everything seemed to be working, I could see all the users in LDAP, they could access ownCloud with their credentials etc. Only one thing stopped working: the portal. It works when it’s displayed, but I cannot modify it at all.
Any attempt to modify ANY of the elements in the portal (by the visual editor) and up in an error:

Could not process the request.
Internal server error during “udm/get (settings/portal_all)”.

The path obviously changes depending on what I click. This is the detailed stacktrace:

Internal server error during "udm/get (settings/portal_all)".
Request: udm/get (settings/portal_all)

  File "/usr/lib/pymodules/python2.7/notifier/threads.py", line 78, in _run
    tmp = self._function()
  File "/usr/lib/pymodules/python2.7/notifier/__init__.py", line 104, in __call__
    return self._function( *tmp, **self._kwargs )
  File "/usr/lib/pymodules/python2.7/univention/management/console/modules/udm/__init__.py", line 502, in _get
    module = get_module(request.flavor, ldap_dn)
  File "/usr/lib/pymodules/python2.7/univention/management/console/modules/udm/udm_ldap.py", line 88, in _decorated
    return method(*args, **kwargs)
  File "/usr/lib/pymodules/python2.7/univention/management/console/ldap.py", line 143, in _decorated
    result = func(*args, **kwargs)
  File "/usr/lib/pymodules/python2.7/univention/management/console/modules/udm/udm_ldap.py", line 1104, in get_module
    modules = udm_modules.objectType(None, ldap_connection, ldap_dn, module_base=base)
  File "/usr/lib/pymodules/python2.7/univention/admin/modules.py", line 1000, in objectType
    attr = lo.get(dn)
  File "/usr/lib/pymodules/python2.7/univention/admin/uldap.py", line 708, in get
    return self.lo.get(dn, attr, required)
  File "/usr/lib/python2.7/dist-packages/univention/uldap.py", line 383, in get
    result = self.lo.search_s(dn, ldap.SCOPE_BASE, '(objectClass=*)', attr)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 597, in search_s
    return self.search_ext_s(base,scope,filterstr,attrlist,attrsonly,None,None,timeout=self.timeout)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 993, in search_ext_s
    return self._apply_method_s(SimpleLDAPObject.search_ext_s,*args,**kwargs)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 931, in _apply_method_s
    return func(self,*args,**kwargs)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 591, in search_ext_s
    return self.result(msgid,all=1,timeout=timeout)[1]
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 503, in result
    resp_type, resp_data, resp_msgid = self.result2(msgid,all,timeout)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 507, in result2
    resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all,timeout)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 514, in result3
    resp_ctrl_classes=resp_ctrl_classes
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 521, in result4
    ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
  File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 106, in _ldap_call
    result = func(*args,**kwargs)
INVALID_DN_SYNTAX: {'info': 'invalid DN', 'desc': 'Invalid DN syntax'}

As you can see the most important part is this: INVALID_DN_SYNTAX: {‘info’: ‘invalid DN’, ‘desc’: ‘Invalid DN syntax’}

I however have no idea why is this happening. Everything else seems to work, I tried doing univention-ldapsearch and it works without any problem, I can also browse the LDAP Directory in the management panel.
System diagnostics returned a few errors mostly about the secret files having wrong chmods and belonging to wrong group, I used chgrp 'DC Backup Hosts' filename.secret on those that were listed and changed the chmods, the errors disappeared. Only problem left is the SSL certificate validation, but it’s working in all browsers so I guess that’s some minor validation issue.

I tried forcing join scripts and everything was ‘done’, no errors at all.
Any ideas on how can I fix this?

Edit
The portal is re-set to some default Univention portal (only contains link to UMC and Univention Blog), despite the ‘domain’ portal in LDAP Directory being completely different, it has custom configuration and custom logos, yet this portal isn’t even displayed, this default one is instead. I tried messing with the settings and disabling the visibilities, creating new portals etc but nothing helped. I tried resyncing the portal but same thing, only this default one is being displayed and I cannot edit it. What’s going on?

Problem: Portal is blank by an Error or Mistake
#2

Anyone has any ideas what I should look for? I’m constantly struggling trying to fix this issue but no luck.

This is the output of ucr get ldap/hostdn: cn=ucs-4084,cn=dc,cn=computers,dc=mycompany,dc=intranet

In /var/www/univention/portal the portal.json file is some completely default portal (just what is displayed) not the one I have in my LDAP Directory or in my domain->portal settings.
It has a "dn": "cn=domain,cn=portal,cn=univention,%@%ldap/base%@%" in the “portal” json object, so I guess this is nowhere near my DN, it’s some default configuration that has no way of working in my configuration.
The point is, why is this portal displayed, if I have a completely different configuration in the UMCS and in the ldap directory? I tried refreshing the portal cache and restarting the univention-portal-server service, no luck at all.
I cannot even find this “default” portal anywhere in my ldap directory, it came out of nowhere and it was the one in portal-unjoined.json after restoring the backup. How can I force UCS to re-generate the portal using mine, from ldap?
/var/log/univention/portal.log has nothing interesting, just information “firing up portal server at port 8095”

check_join_status.log has no errors at all, and all the ldap dns here are correct, dn: dc=mycompany,dc=intranet

Everything seems to work, my users are using owncloud succesfully, I even created new users without any problem, just cannot get the portal to work again, I’m stuck with this default one without any way of modifying it.

#3

That’s a pretty rare error, one I haven’t seen yet. Let’s start by taking a look at the portal settings stored in the LDAP settings. Please post the output of the following commands:

univention-ldapsearch -LLLo ldif-wrap=no -b cn=portal,cn=univention,$(ucr get ldap/base) | grep -v '^univentionPortalEntryIcon:'
univention-check-join-status
ucr get ldap/base

The presence of %@%ldap/base%@% is normal in that file. It’s a template file, and that value will be replaced by the content of the UCR variable ldap/base (the output of the third command above).

1 Like
#4

ucr get ldap/base: dc=mycompany,dc=intranet

univention-check-join-status: Joined successfully

ldapsearch:

dn: cn=portal,cn=univention,dc=mycompany,dc=intranet
objectClass: top
objectClass: organizationalRole
objectClass: univentionObject
univentionObjectType: container/cn
cn: portal

dn: cn=local,cn=portal,cn=univention,dc=mycompany,dc=intranet
univentionPortalShowLogin: TRUE
univentionPortalShowSearch: TRUE
cn: local
objectClass: univentionPortal
objectClass: top
objectClass: univentionObject
univentionObjectType: settings/portal
univentionPortalDisplayName: en_US Startsite for {hostname}
univentionPortalDisplayName: fr_FR page d'accueil pour {hostname}
univentionPortalDisplayName:: ZGVfREUgU3RhcnRzZWl0ZSBmw7xyIHtob3N0bmFtZX0=
univentionPortalFontColor: black
univentionPortalShowServers: TRUE
univentionPortalShowMenu: TRUE
univentionPortalShowApps: TRUE
univentionPortalEntriesOrder: cn=umc-local,cn=portal,cn=univention,dc=mycompany,dc=intranet
univentionPortalEntriesOrder: cn=ucs-local-to-domain,cn=portal,cn=univention,dc=mycompany,dc=intranet
univentionPortalContent: [["cn=admin,cn=categories,cn=portal,cn=univention,dc=mycompany,dc=intranet", ["cn=umc-local,cn=portal,cn=univention,dc=mycompany,dc=intranet", "cn=ucs-local-to-domain,cn=portal,cn=univention,dc=mycompany,dc=intranet"]]]

dn: cn=domain,cn=portal,cn=univention,dc=mycompany,dc=intranet
univentionPortalShowLogin: TRUE
univentionPortalShowSearch: TRUE
cn: domain
objectClass: univentionPortal
objectClass: top
objectClass: univentionObject
univentionObjectType: settings/portal
univentionPortalFontColor: black
univentionPortalShowServers: TRUE
univentionPortalShowMenu: TRUE
univentionPortalShowApps: FALSE
univentionPortalEntriesOrder: cn=owncloud,cn=portal,cn=univention,dc=mycompany,dc=intranet
univentionPortalEntriesOrder: cn=SysPass,cn=portal,cn=univention,dc=mycompany,dc=intranet
univentionPortalEntriesOrder: cn=umc-domain,cn=portal,cn=univention,dc=mycompany,dc=intranet
univentionPortalContent: [["cn=service,cn=categories,cn=portal,cn=univention,dc=mycompany,dc=intranet", ["cn=owncloud,cn=portal,cn=univention,dc=mycompany,dc=intranet", "cn=SysPass,cn=portal,cn=univention,dc=mycompany,dc=intranet"]], ["cn=admin,cn=categories,cn=portal,cn=univention,dc=mycompany,dc=intranet", ["cn=umc-domain,cn=portal,cn=univention,dc=mycompany,dc=intranet"]]]
univentionPortalLogo: iVBORw0KGgoAAAANSUhEUgAAAHsAAAAcCAYAAABBNsCdAAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAA3ZpVFh0WE1MOmNvbS5hZG9iZS54bXAAAAAAADw/eHBhY2tldCBiZWdpbj0i77u/IiBpZD0iVzVNME1wQ2VoaUh6cmVTek5UY3prYzlkIj8+IDx4OnhtcG1ldGEgeG1sbnM6eD0iYWRvYmU6bnM6bWV0YS8iIHg6eG1wdGs9IkFkb2JlIFhNUCBDb3JlIDUuMy1jMDExIDY2LjE0NTY2MSwgMjAxMi8wMi8wNi0xNDo1NjoyNyAgICAgICAgIj4gPHJkZjpSREYgeG1sbnM6cmRmPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5LzAyLzIyLXJkZi1zeW50YXgtbnMjIj4gPHJkZjpEZXNjcmlwdGlvbiByZGY6YWJvdXQ9IiIgeG1sbnM6eG1wTU09Imh0dHA6Ly9ucy5hZG9iZS5jb20veGFwLzEuMC9tbS8iIHhtbG5zOnN0UmVmPSJodHRwOi8vbnMuYWRvYmUuY29tL3hhcC8xLjAvc1R5cGUvUmVzb3VyY2VSZWYjIiB4bWxuczp4bXA9Imh0dHA6Ly9ucy5hZG9iZS5jb20veGFwLzEuMC8iIHhtcE1NOk9yaWdpbmFsRG9jdW1lbnRJRD0ieG1wLmRpZDpjMTAwNDU1NS0xMzY5LTc4NGEtOTRlMC02NTUyZmEzZTkyOTIiIHhtcE1NOkRvY3VtZW50SUQ9InhtcC5kaWQ6NUI4M0I0ODVDNkZGMTFFN0IxNzBDMEQxRDM2QzVDMDUiIHhtcE1NOkluc3RhbmNlSUQ9InhtcC5paWQ6NUI4M0I0ODRDNkZGMTFFN0IxNzBDMEQxRDM2QzVDMDUiIHhtcDpDcmVhdG9yVG9vbD0iQWRvYmUgUGhvdG9zaG9wIENDIDIwMTcgKFdpbmRvd3MpIj4gPHhtcE1NOkRlcml2ZWRGcm9tIHN0UmVmOmluc3RhbmNlSUQ9InhtcC5paWQ6MmM4NTVlMGItODgyYi05MDQ5LWE0NGItYmI1ZGM5NjJhOTZiIiBzdFJlZjpkb2N1bWVudElEPSJ4bXAuZGlkOmMxMDA0NTU1LTEzNjktNzg0YS05NGUwLTY1NTJmYTNlOTI5MiIvPiA8L3JkZjpEZXNjcmlwdGlvbj4gPC9yZGY6UkRGPiA8L3g6eG1wbWV0YT4gPD94cGFja2V0IGVuZD0iciI/Pr9uj2cAAAQ6SURBVHja7Fp7iE1BGD93d1nklfIoQiSKkCWv+Af5y6uIPLKrlto8V1mLbUvWI++SdyjPvNokRFmy8izPRGHXW1q0u6zWunv9vu53c4wzc86595zLXfOrX/feb+bMmZnv++b7ZuYGQqGQofF/IElPgVa2hla2hla2RkIgxUrYcezSx/hoDdaYxKngVjDX5Tt6gkX8PSi0txpcxb9ngBvB76AXWWOAx/cRPAPmgeWm8nbgA7BW6Bc9V1/omx3agDfA5mC1UEay9RbzNhecDnYCf3g0ZvPc7igtLFhkq2ygi8Tr06J8cQtJWZowKU19MGhqdw44BuwPvmf5a3APmC15biW4n+vZYTvYXlF+Vfh9AJzisyP3dbqMf5LIK6N46Q9F2Zc4hhRSxglBthB8pnhmq4N2h7AhybAJPG36nRUHRRO+xRqzvd6Um9v7YDKO6hhYoTCwQezdZqQr+jeKlanCTkVZKVggyOKhaINDkX3M/ks4wktmwGY1sDOeco6PEyV1+nB8jaAYPAZOkNTfBXaTlM1UlBGWgWWCLIcNrtLCeUIeOV0j8O2/rGxKzC561NZjm8RNxCxwNOcXIrqCGeBeQd6QEy8ZKCk8aCEvZroGEi7vs/EEQSqvAEFJmRtlfwYXKGI0xd1DQqa9Dmwsqf8VXKLYnTThnU7A1J8Qh9Vkmedil2Q3nsgO5DYMo7IuKZuWqgus2O9CYtJZ8VyFRL6NPbyXRRntEtaA8027lSzFO9aC9yRlx/l5P0H93FyXDlXIG8+BPTgORziY972y3YRqCZ2qKJsHtuLvuxX1HrHXy1Adh7lpaSVM9BM0SoAuO6xbBdIhQ4mizkM6jLB530BwqKJOLi/jqtzkryDFSHxMAl9JxkKefBd8Bx4GCx20N5fbbGZRNpszcNWO4lSU4yhhQ6sXg14CnA9c90LZwSg64PeyRSdimRbZcgQrwPMudwXU3lHJZMqSPzqWzYthHBWcF/iWjcuW8WQPD1VUBpLskcL3gWct5GTlG6Joj/bdV1w+Q5p46qBePZdy35dxmRJGgNfYSJzE+xpDfd4d9HAsU3i5Fj2vO2ftI1y2R8naC4d1b4FbXKwcVqALkTtG+GImycXWS2Y4J7AS5DtRNnV+mIWcLjQGeKigmx5n5+kcm0UMN8I3WG5u7F46fIaUk2P8fkOoAu0grC6UGoC9PZwPCp/5Tpbx7DgkVrc4ofESRxRJ2GJwnMv2yJXe2NShs/EiF22uMX7dvPmJckcxG+5/Hx8j2br9AB2LZrA3eo1pVgNlnDTsLzbEHCVdUU6GsNxl/yr5LOCOz8r+43QvoPp3KWIEbc7Hgx144LUxvDyZY/QTI3xuXObjQPsZ4T8GVAl9bss5xzaXyWYmL7FmI6Jc5JIRPhGLdj4mc04R69xaKfo5nHazY2Vr1C3o/6BpZWtoZWtoZWskBn4KMAC+JvgwbsAj0wAAAABJRU5ErkJggg==
univentionPortalEnsureLogin: FALSE
univentionPortalDefaultLinkTarget: samewindow
univentionPortalAutoLayoutCategories: FALSE
univentionPortalDisplayName: en_US MyCompany portal test
univentionPortalDisplayName: de_DE MyCompany portal

dn: cn=SysPass,cn=portal,cn=univention,dc=mycompany,dc=intranet
univentionPortalEntryDisplayName: de_DE SysPass
univentionPortalEntryDisplayName: en_US SysPass
univentionPortalEntryAuthRestriction: anonymous
univentionPortalEntryCategory: service
objectClass: top
objectClass: univentionPortalEntry
objectClass: univentionObject
univentionObjectType: settings/portal_entry
univentionPortalEntryDescription:: ZGVfREUg
univentionPortalEntryDescription:: ZW5fVVMg
cn: SysPass
univentionPortalEntryPortal: cn=domain,cn=portal,cn=univention,dc=mycompany,dc=intranet
univentionPortalEntryLink: https://mycompany.com/syspass/index.php
univentionPortalEntryActivate: TRUE
univentionPortalEntryLinkTarget: useportaldefault

dn: cn=owncloud,cn=portal,cn=univention,dc=mycompany,dc=intranet
univentionPortalEntryDisplayName: de_DE ownCloud
univentionPortalEntryDisplayName: en_US ownCloud
cn: owncloud
univentionPortalEntryCategory: service
objectClass: top
objectClass: univentionPortalEntry
objectClass: univentionObject
univentionObjectType: settings/portal_entry
univentionPortalEntryActivate: TRUE
univentionPortalEntryPortal: cn=domain,cn=portal,cn=univention,dc=mycompany,dc=intranet
univentionPortalEntryDescription: en_US Cloud solution for data and file sync and share
univentionPortalEntryDescription:: ZGVfREUgQ2xvdWQgTMO2c3VuZyBmw7xyIEZpbGVzeW5jIHVuZCAtc2hhcmU=
univentionPortalEntryAuthRestriction: anonymous
univentionPortalEntryLink: https://mycompany.com/owncloud
univentionPortalEntryLink: https://192.168.147.130/owncloud
univentionPortalEntryLink: https://ucs-4084.mycompany.intranet/owncloud
univentionPortalEntryLink: http://ucs-4084.mycompany.intranet/owncloud
univentionPortalEntryLink: http://192.168.147.130/owncloud

dn: cn=umc-local,cn=portal,cn=univention,dc=mycompany,dc=intranet
univentionPortalEntryDisplayName:: ZnJfRlIgUsOpZ2xhZ2VzIGR1IHN5c3TDqG1l
univentionPortalEntryDisplayName: de_DE Systemeinstellungen
univentionPortalEntryDisplayName: en_US System settings
cn: umc-local
univentionPortalEntryCategory: admin
objectClass: top
objectClass: univentionPortalEntry
objectClass: univentionObject
univentionObjectType: settings/portal_entry
univentionPortalEntryActivate: TRUE
univentionPortalEntryPortal: cn=local,cn=portal,cn=univention,dc=mycompany,dc=intranet
univentionPortalEntryDescription:: ZGVfREUgVW5pdmVudGlvbiBNYW5hZ2VtZW50IENvbnNvbGUgenVyIFZlcsKtd2Fswq10dW5nIGRlcyBsb2thbGVuIFN5c3RlbXM=
univentionPortalEntryDescription:: ZW5fVVMgVW5pdmVudGlvbiBNYW5hZ2VtZW50IENvbnNvbGUgZm9yIGFkbWluwq1pc8KtdHJhwq10aW5nIHRoZSBsb2NhbCBzeXN0ZW0=
univentionPortalEntryDescription:: ZnJfRlIgQ29uc29sZSBkZSBnZXN0aW9uIFVuaXZlbnRpb24gcG91ciBhZG1pbsKtaXPCrXRyZXIgbGUgc3lzdMOobWUgbG9jYWw=
univentionPortalEntryLink: /univention/management/
univentionPortalEntryAuthRestriction: anonymous

dn: cn=categories,cn=portal,cn=univention,dc=mycompany,dc=intranet
objectClass: top
objectClass: organizationalRole
objectClass: univentionObject
univentionObjectType: container/cn
cn: categories

dn: cn=umc-domain,cn=portal,cn=univention,dc=mycompany,dc=intranet
univentionPortalEntryDisplayName:: ZnJfRlIgUsOpZ2xhZ2VzIGR1IHN5c3TDqG1lIGV0IGR1IGRvbWFpbmU=
univentionPortalEntryDisplayName:: ZGVfREUgU3lzdGVtLSB1bmQgRG9tw6RuZW5laW5zdGVsbHVuZ2Vu
univentionPortalEntryDisplayName: en_US System and domain settings
cn: umc-domain
univentionPortalEntryCategory: admin
objectClass: top
objectClass: univentionPortalEntry
objectClass: univentionObject
univentionObjectType: settings/portal_entry
univentionPortalEntryActivate: TRUE
univentionPortalEntryDescription:: ZnJfRlIgQ29uc29sZSBkZSBnZXN0aW9uIFVuaXZlbnRpb24gcG91ciBhZG1pbsKtaXPCrXRyZXIgbGUgZG9tYWluZSBVQ1MgZXQgbGUgc3lzdMOobWUgbG9jYWw=
univentionPortalEntryDescription:: ZGVfREUgVW5pdmVudGlvbiBNYW5hZ2VtZW50IENvbnNvbGUgenVyIFZlcsKtd2Fswq10dW5nIGRlciBVQ1MtRG9tw6RuZSB1bmQgZGVzIGxva2FsZW4gU3lzdGVtcw==
univentionPortalEntryDescription:: ZW5fVVMgVW5pdmVudGlvbiBNYW5hZ2VtZW50IENvbnNvbGUgZm9yIGFkbWluwq1pc8KtdHJhwq10aW5nIHRoZSBVQ1MgZG9tYWluIGFuZCB0aGUgbG9jYWwgc3lzdGVt
univentionPortalEntryLink: /univention/management/
univentionPortalEntryAuthRestriction: anonymous
univentionPortalEntryPortal: cn=domain,cn=portal,cn=univention,dc=mycompany,dc=intranet

dn: cn=univentionblog,cn=portal,cn=univention,dc=mycompany,dc=intranet
univentionPortalEntryDisplayName: en_US Univention Blog
univentionPortalEntryDisplayName: fr_FR Univention Blog
univentionPortalEntryDisplayName: de_DE Univention Blog
cn: univentionblog
univentionPortalEntryCategory: admin
objectClass: top
objectClass: univentionPortalEntry
objectClass: univentionObject
univentionObjectType: settings/portal_entry
univentionPortalEntryActivate: TRUE
univentionPortalEntryDescription: en_US News, tips and best practices
univentionPortalEntryDescription: fr_FR Nouvelles, conseils et bonne pratique
univentionPortalEntryDescription: de_DE News, Tipps und Best Practices
univentionPortalEntryLink: https://www.univention.com/news/blog-en/
univentionPortalEntryAuthRestriction: anonymous

dn: cn=owncloud-userdoc,cn=portal,cn=univention,dc=mycompany,dc=intranet
univentionPortalEntryDisplayName: de_DE Benutzer Handbuch
univentionPortalEntryDisplayName: en_US User Manual
cn: owncloud-userdoc
univentionPortalEntryCategory: admin
objectClass: top
objectClass: univentionPortalEntry
objectClass: univentionObject
univentionObjectType: settings/portal_entry
univentionPortalEntryActivate: TRUE
univentionPortalEntryDescription: en_US ownCloud User Manual
univentionPortalEntryDescription: de_DE ownCloud Benutzer-Handbuch (in Englisch)
univentionPortalEntryLink: https://doc.owncloud.com/server/10.0/user_manual/
univentionPortalEntryAuthRestriction: anonymous

dn: cn=owncloud-admindoc,cn=portal,cn=univention,dc=mycompany,dc=intranet
univentionPortalEntryDisplayName: en_US Admin Manual
univentionPortalEntryDisplayName: de_DE Admin Handbuch
cn: owncloud-admindoc
univentionPortalEntryCategory: admin
objectClass: top
objectClass: univentionPortalEntry
objectClass: univentionObject
univentionObjectType: settings/portal_entry
univentionPortalEntryActivate: TRUE
univentionPortalEntryDescription: de_DE ownCloud Administrations-Handbuch (in Englisch)
univentionPortalEntryDescription: en_US ownCloud Administration Manual
univentionPortalEntryLink: https://doc.owncloud.com/server/10.0/admin_manual/
univentionPortalEntryAuthRestriction: anonymous

dn: cn=ucs-local-to-domain,cn=portal,cn=univention,dc=mycompany,dc=intranet
univentionPortalEntryDisplayName: en_US Univention Portal
univentionPortalEntryDisplayName: de_DE Univention Portal
univentionPortalEntryDisplayName: fr_FR Portail Univention
cn: ucs-local-to-domain
univentionPortalEntryCategory: admin
objectClass: top
objectClass: univentionPortalEntry
objectClass: univentionObject
univentionObjectType: settings/portal_entry
univentionPortalEntryActivate: TRUE
univentionPortalEntryDescription: fr_FR Page web du portail central du domaine UCS
univentionPortalEntryDescription: en_US Central portal web page for the UCS domain
univentionPortalEntryDescription:: ZGVfREUgWmVudHJhbGUgUG9ydGFsLVdlYnNlaXRlIGbDvHIgZGllIFVDUy1Eb23DpG5l
univentionPortalEntryLink: https://ucs-4084.mycompany.intranet/univention/portal/
univentionPortalEntryLink: https://192.168.147.130/univention/portal/
univentionPortalEntryLink: http://192.168.1.223/univention/portal/
univentionPortalEntryLink: https://192.168.1.223/univention/portal/
univentionPortalEntryLink: http://192.168.147.130/univention/portal/
univentionPortalEntryLink: http://ucs-4084.mycompany.intranet/univention/portal/
univentionPortalEntryAuthRestriction: anonymous
univentionPortalEntryPortal: cn=local,cn=portal,cn=univention,dc=mycompany,dc=intranet

dn: cn=test,cn=categories,cn=portal,cn=univention,dc=mycompany,dc=intranet
objectClass: top
objectClass: univentionPortalCategory
objectClass: univentionObject
univentionObjectType: settings/portal_category
cn: test
univentionPortalCategoryDisplayName: de_DE Test
univentionPortalCategoryDisplayName: en_US Test

dn: cn=admin,cn=categories,cn=portal,cn=univention,dc=mycompany,dc=intranet
objectClass: top
objectClass: univentionPortalCategory
objectClass: univentionObject
univentionObjectType: settings/portal_category
cn: admin
univentionPortalCategoryDisplayName: en_US Administration
univentionPortalCategoryDisplayName: de_DE Verwaltung

dn: cn=service,cn=categories,cn=portal,cn=univention,dc=mycompany,dc=intranet
objectClass: top
objectClass: univentionPortalCategory
objectClass: univentionObject
univentionObjectType: settings/portal_category
cn: service
univentionPortalCategoryDisplayName: de_DE Applikationen
univentionPortalCategoryDisplayName: en_US Applications

Of course that “mycompany” is just text I replaced, my company name was there and it’s the same everywere.
As you can see there are entries for owncloud and syspass - this is the original portal and also the one I can see in LDAP Directory under ‘domain’ portal, the blog entry is also there and it’s the one that’s being displayed on the current faulty portal.

This is /var/www/univention/portal/portal.json:

{
    "categories": {
        "cn=admin,cn=categories,cn=portal,cn=univention,%@%ldap/base%@%": {
            "display_name": {
                "de_DE": "Verwaltung",
                "en_US": "Administration"
            },
            "dn": "cn=admin,cn=categories,cn=portal,cn=univention,%@%ldap/base%@%"
        },
        "cn=service,cn=categories,cn=portal,cn=univention,%@%ldap/base%@%": {
            "display_name": {
                "de_DE": "Applikationen",
                "en_US": "Applications"
            },
            "dn": "cn=service,cn=categories,cn=portal,cn=univention,%@%ldap/base%@%"
        }
    },
    "entries": {
        "cn=umc-domain,cn=portal,cn=univention,%@%ldap/base%@%": {
            "activated": true,
            "allowedGroups": [],
            "description": {
                "de_DE": "Univention Management Console zur Ver\u00adwal\u00adtung der UCS-Dom\u00e4ne und des lokalen Systems",
                "en_US": "Univention Management Console for admin\u00adis\u00adtra\u00adting the UCS domain and the local system",
                "fr_FR": "Console de gestion Univention pour admin\u00adis\u00adtrer le domaine UCS et le syst\u00e8me local"
            },
            "dn": "cn=umc-domain,cn=portal,cn=univention,%@%ldap/base%@%",
            "favorite": false,
            "links": [
                "/univention/management/"
            ],
            "logo_name": "/univention/portal/icons/entries/umc-domain.svg",
            "name": {
                "de_DE": "System- und Dom\u00e4neneinstellungen",
                "en_US": "System and domain settings",
                "fr_FR": "R\u00e9glages du syst\u00e8me et du domaine"
            }
        },
        "cn=univentionblog,cn=portal,cn=univention,%@%ldap/base%@%": {
            "activated": true,
            "allowedGroups": [],
            "description": {
                "de_DE": "News, Tipps und Best Practices",
                "en_US": "News, tips and best practices",
                "fr_FR": "Nouvelles, conseils et bonne pratique"
            },
            "dn": "cn=univentionblog,cn=portal,cn=univention,%@%ldap/base%@%",
            "favorite": false,
            "links": [
                "https://www.univention.com/news/blog-en/"
            ],
            "logo_name": "/univention/portal/icons/entries/univentionblog.png",
            "name": {
                "de_DE": "Univention Blog",
                "en_US": "Univention Blog",
                "fr_FR": "Univention Blog"
            }
        }
    },
    "links": {},
    "portal": {
        "anonymousEmpty": [],
        "autoLayoutCategories": false,
        "content": [
            [
                "cn=admin,cn=categories,cn=portal,cn=univention,%@%ldap/base%@%",
                [
                    "cn=umc-domain,cn=portal,cn=univention,%@%ldap/base%@%",
                    "cn=univentionblog,cn=portal,cn=univention,%@%ldap/base%@%"
                ]
            ]
        ],
        "dn": "cn=domain,cn=portal,cn=univention,%@%ldap/base%@%",
        "ensureLogin": false,
        "fontColor": "black",
        "logo": null,
        "name": {
            "de_DE": "Univention Portal",
            "en_US": "Univention Portal",
            "fr_FR": "Portail Univention"
        },
        "showApps": false,
        "showLogin": true,
        "showMenu": true,
        "showSearch": true,
        "showServers": true
    }
}

As you can see it’s nowhere near what it should be.

Thanks for help!

Edit: I ran univention-run-join-scripts --force again, I attach the join.log file, only problems I can see are about mysql.secret (I changed root password, but mysql is only used by owncloud and syspass and they both work on own mysql users) and about file permissions, but it was only about /etc/univention/ssl/xxx directory not having chmod 750, I set it and it’s gone.
join.log (76.1 KB)

#5

I really do not understand where your portal.json file comes from. Normally portal.json should not exist in the file system; instead, it’s generated on the fly by the daemon univention-portal-server. Here’s the relevant portion of the Apache configuration file /etc/apache2/ucs-sites.conf.d/univention-portal.conf:

ProxyPass /univention/portal/portal.json http://127.0.0.1:8095/ retry=0
ProxyPassReverse /univention/portal/portal.json http://127.0.0.1:8095/

However, as soon as a file with the same name exists in /var/www/univention/portal, that file takes precedence over those proxy rules (not sure why).

On none of my systems does /var/www/univention/portal/portal.json exist.

Therefore I suggest you delete that file, clear your browser cache and try again.

Well, before you do that, you should use curl for verifying that removing the file changes the situation. Before you remove it, run the following:

curl https://$(hostname -f)/univention/portal/portal.json > portal-before.json
rm /var/www/univention/portal/portal.json
curl https://$(hostname -f)/univention/portal/portal.json > portal-after.json

Then compare the two files. They shouldn’t match; in fact, the portal-after.json should probably contain the correct portal layout as configured in LDAP.

m.

1 Like
Problem: Portal is blank by an Error or Mistake
#6

Thank you!!! Deleting portal.json literally fixed everything!

This portal.json got there because that’s in one of the steps of “Single Server Backup and Restore”:

After that, you must rebuild the UMC portal page. Otherwise you have double portal page entries.

cp /usr/share/univention-portal/portal-unjoined.json /usr/share/univention-portal/portal.json
univention-directory-listener-ctrl resync portal
univention-directory-listener-ctrl resync portal_entry
univention-directory-listener-ctrl resync portal_category

This renames the portal-unjoined.json (the faulty one) to portal.json, causing all the trouble.

Anyway, I’m really thankful for your help :blush: can’t believe it was such a simple fix to such a “complex” problem.

Cool Solution - Single Server Backup and Restore for UCS 4.3
#7

Interesting. I think that information is simply outdated. The list of modules to resync doesn’t match current installations either; there’s only portal_groups and portal_server nowadays. Not sure if a resync is even necessary given that the portal.json is always generated on the fly by the new portal server…

I’ll drop Univention a note that they should take a look at that particular section of the guide.

Oh, and you’re quite welcome :grin:

Mastodon