/etc/univention/templates/files/etc/apache2/sites-available/univention-directory-manager
WARNING: There are modified Apache configuration files in /etc/univention/templates/files/etc/apache2/sites-available/.
Please restore the original configuration files before upgrading and apply the manual changes again after the upgrade succeeded.
This check can be skipped by setting the UCR
variable update42/ignore_apache_template_checks to yes.
Error: Update aborted by pre-update script of release 4.2-0
exitcode of univention-updater: 1
ERROR: update failed. Please check /var/log/univention/updater.log
We never touched /etc/univention/templates/files/etc/apache2/sites-available/univention-directory-manager manually, there is no .dpkg-dist of this file anywhere.
We replaced the local file with the original one from a completely fresh installation of 4.1-5, but update still won’t contibue.
The programs checks for dpkg-{new,dist} files and if the md5sum of the file differs from the one at package installation time. If you are sure there are no changes you might lose, try deleting the file and reinstall the package it came from:
dpkg -l | grep '^rc'
rc anthy-common 9100h-16.7.201403121251 all input method for Japanese - common files and dictionary
rc bootsplash 3.3-2.16.200909151822 amd64 Enables a graphical boot screen
rc bootsplash-theme-debian 0.5-7.1.5.200909151826 all The bootsplash theme debian
rc console-tools 1:0.2.3dbs-70.17.201403180603 amd64 Linux console and font utilities
rc consolekit 0.4.5-3.1.12.201409242141 amd64 framework for defining and tracking users, sessions and seats
rc cracklib2 2.7-19.8.200710182131 amd64 pro-active password checker library
rc defoma 0.11.11.15.201104231440 all Debian Font Manager -- automatic font configuration framework
rc dhcp3-client 4.1.1-P1-15.19.201211131616 all ISC DHCP server (transitional package)
rc esound-common 0.2.41-8.25.201104251824 all Enlightened Sound Daemon - Common files
rc exim4 4.63-17.5.200710230959 all metapackage to ease exim MTA (v4) installation
rc exim4-base 4.63-17.5.200710230959 amd64 support files for all exim MTA (v4) packages
rc exim4-config 4.63-17.5.200710230959 all configuration for the exim MTA (v4)
rc exim4-daemon-light 4.63-17.5.200710230959 amd64 lightweight exim MTA (v4) daemon
rc firefox 1:7.0.1-5 amd64 lightweight web browser based on Mozilla
rc hdparm 9.32-1.16.201105031410 amd64 tune hard disk parameters for high performance
rc hunspell-de-ch 20071211-1.15.200909091152 all Swiss (German) dictionary for hunspell
rc ia32-libs 20111018.102.201110191345 amd64 ia32 shared libraries for use on amd64 and ia64 systems
rc ia32-libs-gtk 20111108.48.201111111043 amd64 GTK+ ia32 shared libraries
rc ia32-sun-java6-bin 6.26-0.36.201107281152 amd64 Sun Java(TM) Runtime Environment (JRE) 6 (32-bit)
rc ikarus-gatewaysecurity 3.36.10 amd64 Filter for URLs, Content, SPAM and AntiVirus - HTTP Description: E-Mail
rc initrd-tools 0.1.84.2.14.200909161132 all tools to create initrd image for prepackaged Linux kernel
rc klogd 1.5-5.15.200910141128 amd64 Kernel Logging Daemon
rc lib32asound2 1.0.23-2.1.17.201104181309 amd64 shared library for ALSA applications (32 bit)
rc libanthy0:amd64 9100h-16.7.201403121251 amd64 input method for Japanese - runtime library
rc libatasmart4:amd64 0.19-1.4.201403250617 amd64 ATA S.M.A.R.T. reading and parsing library
rc libaudiofile0 0.2.6-8.13.201104191209 amd64 Open-source version of SGI's audiofile library
rc libbind9-40 1:9.5.1.dfsg.P1-2.92.201112201143 amd64 BIND9 Shared Library used by BIND
rc libbonobo2-0 2.24.3-1.21.201105231447 amd64 Bonobo CORBA interfaces library
rc libbonobo2-common 2.24.3-1.21.201105231447 all Bonobo CORBA interfaces library -- support files
rc libc-client2007b 7:2007b~dfsg-4.34.201011230736 amd64 c-client library for mail protocols - library files
rc libc-client2007e 8:2007e~dfsg-3.1.36.201104252228 amd64 c-client library for mail protocols - library files
rc libck-connector0:amd64 0.4.5-3.1.12.201409242141 amd64 ConsoleKit libraries
rc libcryptsetup4 2:1.4.3-4.11.201409251624 amd64 disk encryption support - shared library
rc libdatrie0 0.1.3-2.11.200909220022 amd64 Double-array trie library
rc libdcerpc0 2:4.1.0-1.722.201502181223 amd64 DCE/RPC client library
rc libdevmapper1.02 2:1.02.08-1.11.200710190237 amd64 The Linux Kernel Device Mapper userspace library
rc libdns46 1:9.5.1.dfsg.P1-2.92.201112201143 amd64 DNS Shared Library used by BIND
rc libdns81 1:9.8.0.P4-1.102.201307290920 amd64 DNS Shared Library used by BIND
rc libdrm-nouveau1 2.4.21-1.21.201104270907 amd64 Userspace interface to nouveau-specific kernel DRM services -- runtime
rc libept0 0.5.22.2.200909222220 amd64 High-level library for managing Debian package information
rc libept1 1.0.4.4.201104271302 amd64 High-level library for managing Debian package information
rc libesd0 0.2.41-8.25.201104251824 amd64 Enlightened Sound Daemon - Shared libraries
rc libevent-1.4-2 1.4.13-stable-1.13.201104271330 amd64 An asynchronous event notification library
rc libgdu0 2.30.1-2.2.201104291203 amd64 GObject based Disk Utility Library
rc libgensec0 2:4.1.0-1.722.201502181223 amd64 Generic Security Library
rc libgnome-keyring0:amd64 3.4.1-1.15.201409291751 amd64 GNOME keyring services library
rc libgnome2-common 2.30.0-1.21.201104281242 all The GNOME library - common files
rc libgsf-1-114 1.14.21-2.1.20.201403201210 amd64 Structured File Library - runtime version
rc libgssapi2 0.10-4.4.200710210402 amd64 A mechanism-switch gssapi library
rc libgssapi4-heimdal 0.7.2.dfsg.1-10.121.200902100944 amd64 Libraries for Heimdal Kerberos
rc libgudev-1.0-0:amd64 175-7.2.46.201403112156 amd64 GObject-based wrapper library for libudev
rc libhdb7-heimdal 0.7.2.dfsg.1-10.121.200902100944 amd64 Libraries for Heimdal Kerberos
rc libisc81 1:9.8.0.P4-1.102.201307290920 amd64 ISC Shared Library used by BIND
rc libisccfg40 1:9.5.1.dfsg.P1-2.92.201112201143 amd64 Config File Handling Library used by BIND
rc libisccfg80 1:9.8.0.P4-1.102.201307290920 amd64 Config File Handling Library used by BIND
rc libkadm5clnt4-heimdal 0.7.2.dfsg.1-10.121.200902100944 amd64 Libraries for Heimdal Kerberos
rc libkadm5srv7-heimdal 0.7.2.dfsg.1-10.121.200902100944 amd64 Libraries for Heimdal Kerberos
rc libkpathsea5 2009-8.10.201104231525 amd64 TeX Live: path search library for TeX (runtime part)
rc libkrb5-17-heimdal 0.7.2.dfsg.1-10.121.200902100944 amd64 Libraries for Heimdal Kerberos
rc liblua50 5.0.3-6.12.201403140000 amd64 Main interpreter library for the Lua 5.0 programming language
rc liblualib50 5.0.3-6.12.201403140000 amd64 Extension library for the Lua 5.0 programming language
rc liblvm2app2.2:amd64 2.02.95-8.17.201403140321 amd64 LVM2 application library
rc libmysqlclient16 5.1.73-1.34.201404280904 amd64 MySQL database client library
rc libndr-standard0 2:4.1.0-1.722.201502181223 amd64 Standard NDR interfaces
rc libndr0 2:4.1.0-1.722.201502181223 amd64 NDR marshalling library
rc libnetapi0 2:4.1.0-1.722.201502181223 amd64 shared library for administrative communication with DCE/RPC servers
rc libnl1:amd64 1.1-7.13.201403241716 amd64 library for dealing with netlink sockets
rc libpam-smbpass 2:3.2.13-1.435.201006281034 amd64 pluggable authentication module for SMB/CIFS password database
rc libpango1.0-common 1.28.3-1.47.201105191029 all Modules and configuration files for the Pango
rc libparted0debian1:amd64 2.3-12.35.201409252021 amd64 disk partition manipulator - shared library
rc libpci2 2:2.1.11-3.2.200710210630 amd64 Obsolete shared library for accessing pci devices
rc libpolkit-agent-1-0:amd64 0.105-3.21.201403261744 amd64 PolicyKit Authentication Agent API
rc libpolkit-backend-1-0:amd64 0.105-3.21.201403261744 amd64 PolicyKit backend API
rc libpolkit-gobject-1-0:amd64 0.105-3.21.201403261744 amd64 PolicyKit Authorization API
rc libpoppler5 0.12.4-1.2.44.201408291719 amd64 PDF rendering library
rc libpq4 8.1.9-0.5.200909181054 amd64 PostgreSQL C client library
rc libpython2.6 2.6.8-1.1.31.201409241932 amd64 Shared Python runtime library (version 2.6)
rc libreaderengine-core02x 4.2.9.51.0-51 amd64 Office core module for ReaderEngine
rc libreaderengine-core06x 4.2.9.51.0-51 amd64 Office core module for ReaderEngine
rc libregistry0 2:4.1.0-1.722.201502181223 amd64 Registry library
rc libroken16-heimdal 0.7.2.dfsg.1-10.121.200902100944 amd64 Libraries for Heimdal Kerberos
rc libruby1.8 1.8.7.358-7.1.31.201403180610 amd64 Libraries necessary to run Ruby 1.8
rc libsamba-credentials0 2:4.1.0-1.722.201502181223 amd64 Samba Credentials management library
rc libsamba-hostconfig0 2:4.1.0-1.722.201502181223 amd64 Samba host configuration library
rc libsamba-policy0 2:4.1.0-1.722.201502181223 amd64 Samba policy management
rc libsamba-util0 2:4.1.0-1.722.201502181223 amd64 Samba utility function library
rc libsamdb0 2:4.1.0-1.722.201502181223 amd64 SAM database
rc libsgutils2-2 1.33-1.13.201403190957 amd64 utilities for devices using the SCSI command set (shared libraries)
rc libsmbclient-raw0 2:4.1.0-1.722.201502181223 amd64 SMB client library
rc libxcb-atom1 0.3.6-1.4.201104271402 amd64 utility libraries for X C Binding -- atom
rc libxcb-aux0 0.3.6-1.4.201104271402 amd64 utility libraries for X C Binding -- aux
rc libxcb-event1 0.3.6-1.4.201104271402 amd64 utility libraries for X C Binding -- event
rc libxcb-xlib0 1.1-1.2.11.201005251525 amd64 X C Binding, Xlib/XCB interface library
rc lvm-common 1.5.20.4.200710211053 amd64 The Logical Volume Manager for Linux (common files)
rc modutils 2.4.27.0-6.9.200710211302 amd64 Linux module utilities
rc mysql-server-5.0 5.0.51a-24.26.200910141858 amd64 MySQL database server binaries
rc mysql-server-5.1 5.1.73-1.34.201404280904 amd64 MySQL database server binaries and system database setup
rc ntfs-3g 1:2012.1.15AR.5-2.1.5.201403182122 amd64 read/write NTFS driver for FUSE
rc odbcinst1debian1 2.2.11-16.11.200909141703 amd64 Support library and helper program for accessing odbc ini files
rc open-xchange-admin-plugin-hosting 6.20.7.0-15 all Open Xchange Admin Hosting Plugin
rc open-xchange-documents-ui-viewer 7.6.2-12 all The Open-Xchange Viewer web application
rc open-xchange-file-storage-config 6.20.7.0-15 all The Open-Xchange File Storage Config Bundle
rc open-xchange-folder-json 6.20.7.0-15 all The Open-Xchange folder JSON interface bundle
rc open-xchange-http-deferrer 6.20.7.0-15 all The Open-Xchange Deferrer Servlet
rc open-xchange-i18n 6.20.7.0-15 all The Open-Xchange i18n Bundle
rc open-xchange-management 6.20.7.0-15 all The Open-Xchange Management Bundle
rc open-xchange-messaging-facebook 6.20.7.0-15 all The Open-Xchange Messaging Facebook Bundle
rc open-xchange-messaging-rss 6.20.7.0-15 all The Open-Xchange Messaging RSS Bundle
rc open-xchange-messaging-twitter 6.20.7.0-15 all The Open-Xchange Messaging Twitter Bundle
rc open-xchange-oauth-facebook 6.20.7.0-15 all Facebook via OAuth for Open-Xchange Server 6
rc open-xchange-oauth-linkedin 6.20.7.0-16 all LinkedIn via OAuth for Open-Xchange Server 6
rc open-xchange-oauth-msn 6.20.7.0-15 all WindowsLive / MSN via OAuth for Open-Xchange Server 6
rc open-xchange-oauth-twitter 6.20.7.0-15 all Twitter via OAuth for Open-Xchange Server 6
rc open-xchange-publish-basic 6.20.7.0-15 all Basic OSGi based implementation of the publication infrastructure
rc open-xchange-publish-microformats 6.20.7.0-15 all Publishes a set of objects in OXMF externally
rc open-xchange-push 6.20.7.0-15 all The Open-Xchange Push Bundle
rc open-xchange-push-mailnotify 6.20.4.0-1 all Open-Xchange Mail Push Bundle
rc open-xchange-push-udp 6.20.7.0-15 all The Open-Xchange Server Push UDP Bundle
rc open-xchange-secret 6.20.7.0-15 all Creates plugin architecture for supplying the application with secret strings used for encryption and decryption.
rc open-xchange-settings-extensions 6.20.7.0-15 all The Open-Xchange Settings Extensions
rc open-xchange-subscribe-crawler 6.20.7.0-15 all Subscribe Crawler feeds
rc open-xchange-subscribe-facebook 6.20.7.0-15 all Facebook Subscription Source for Open-Xchange Server 6
rc open-xchange-subscribe-linkedin 6.20.7.0-15 all LinkedIn Subscription Source for Open-Xchange Server 6
rc open-xchange-subscribe-microformats 6.20.7.0-15 all Subscribe Microformat feeds
rc open-xchange-subscribe-msn 6.20.7.0-15 all MSN Subscription Source for Open-Xchange Server 6
rc open-xchange-templating 6.20.7.0-15 all Provides access to the templating subsystem
rc open-xchange-threadpool 6.20.7.0-15 all The Open-Xchange Thread Pool Bundle
rc open-xchange-twitter 6.20.7.0-15 all The Open-Xchange Twitter Bundle
rc openjdk-6-jre:amd64 6b33-1.13.5-2.74.201412171318 amd64 OpenJDK Java runtime, using Hotspot JIT
rc openjdk-6-jre-headless:amd64 6b33-1.13.5-2.74.201412171318 amd64 OpenJDK Java runtime, using Hotspot JIT (headless)
rc php5-imap 5.3.3-7.207.201411271302 amd64 IMAP module for php5
rc policykit-1 0.105-3.21.201403261744 amd64 framework for managing administrative policies and privileges
rc policykit-1-gnome 0.96-3.4.201104292019 amd64 GNOME authentication agent for PolicyKit-1
rc portmap 6.0.0-2.17.201104140440 amd64 RPC port mapper
rc python2.4 2.4.6-1.51.201101251202 amd64 An interactive high-level object-oriented language (version 2.4)
rc python2.5 2.5.5-11.15.201105061218 amd64 An interactive high-level object-oriented language (version 2.5)
rc samba 2:4.2.0~rc2-1.728.201503051522 amd64 SMB/CIFS file, print, and login server for Unix
rc sysklogd 1.5-5.15.200910141128 amd64 System Logging Daemon
rc tetex-extra 2007.dfsg.1-5.9.201005271131 all TeX Live: teTeX transitional package
rc texlive-base-bin 2007.dfsg.2-4.8.201005271113 amd64 TeX Live: Essential binaries
rc texlive-bibtex-extra 2007.dfsg.17-1.5.200910151325 all TeX Live: Extra BibTeX styles
rc texlive-font-utils 2007.dfsg.2-4.8.201005271113 amd64 TeX Live: TeX font-related programs
rc texlive-fonts-extra 2007.dfsg.17-1.5.200910151325 all TeX Live: Extra fonts
rc texlive-generic-recommended 2007.dfsg.1-5.9.201005271131 all TeX Live: Miscellaneous generic macros
rc texlive-lang-croatian 2007.dfsg.4-1.2.200909230040 all TeX Live: Croatian
rc texlive-lang-cyrillic 2007.dfsg.4-1.2.200909230040 all TeX Live: Cyrillic
rc texlive-lang-czechslovak 2007.dfsg.4-1.2.200909230040 all TeX Live: Czech/Slovak
rc texlive-lang-danish 2007.dfsg.4-1.2.200909230040 all TeX Live: Danish
rc texlive-lang-dutch 2007.dfsg.4-1.2.200909230040 all TeX Live: Dutch
rc texlive-lang-finnish 2007.dfsg.4-1.2.200909230040 all TeX Live: Finnish
rc texlive-lang-french 2007.dfsg.4-1.2.200909230040 all TeX Live: French
rc texlive-lang-greek 2007.dfsg.4-1.2.200909230040 all TeX Live: Greek typesetting
rc texlive-lang-hungarian 2007.dfsg.4-1.2.200909230040 all TeX Live: Hungarian
rc texlive-lang-italian 2007.dfsg.4-1.2.200909230040 all TeX Live: Italian
rc texlive-lang-latin 2007.dfsg.4-1.2.200909230040 all TeX Live: Latin
rc texlive-lang-mongolian 2007.dfsg.4-1.2.200909230040 all TeX Live: Mongolian
rc texlive-lang-norwegian 2007.dfsg.4-1.2.200909230040 all TeX Live: Norwegian
rc texlive-lang-other 2007.dfsg.4-1.2.200909230040 all TeX Live: Other hyphenation files
rc texlive-lang-polish 2007.dfsg.4-1.2.200909230040 all TeX Live: Polish
rc texlive-lang-portuguese 2007.dfsg.4-1.2.200909230040 all TeX Live: Portuguese
rc texlive-lang-spanish 2007.dfsg.4-1.2.200909230040 all TeX Live: Spanish
rc texlive-lang-swedish 2007.dfsg.4-1.2.200909230040 all TeX Live: Swedish
rc texlive-lang-vietnamese 2007.dfsg.4-1.2.200909230040 all TeX Live: Vietnamese
rc texlive-math-extra 2007.dfsg.17-1.5.200910151325 all TeX Live: Advanced math typesetting
rc texlive-pstricks 2007.dfsg.17-1.5.200910151325 all TeX Live: PSTricks packages
rc texlive-publishers 2007.dfsg.17-1.5.200910151325 all TeX Live: Support for publishers
rc tripwire 2.4.2.2-2 amd64 file and directory integrity checker
rc udisks 1.0.4-7.9.201406191816 amd64 storage media interface
rc univention-ad-connector 9.0.11-9.464.201501261347 all UCS - Modules for sync UCS and Active Directory
rc univention-directory-manager 8.0.80-1.346.201110211713 all UCS - Web based administration tool
rc univention-mail-postfix-forward 1.0.0-22.52.200811191202 all UCS - postfix forward configuration
rc univention-oxae 2.0.13-1.20.201005031509 all UCS - Open-Xchange oxae integration
rc univention-s4-connector 9.0.16-13.544.201503051754 all UCS - Modules for sync UCS and Samba4 LDB directory
rc univention-samba-local-config 9.0.5-4.494.201501231224 all UCS - UCR Extensions for configuration of local shares
rc univention-samba4 4.0.3-5.603.201501081059 amd64 UCS - Samba4 integration package
rc univention-samba4-sysvol-sync 4.0.3-5.603.201501081059 all UCS - Samba4 sysvol synchronization
rc univention-webui-style 5.0.68-1.181.201108151750 all Styleset for Univention WebUI - Web based user interfaces
rc winbind 2:4.2.0~rc2-1.728.201503051522 amd64 service to resolve user and group information from Windows NT servers
rc xulrunner-1.9 1.9.0.19-1.22.201006162031 amd64 XUL + XPCOM application runner
univention-check-templates
WARNING: The following UCR files are modified locally.
Updated versions will be named FILENAME.dpkg-*.
The files should be checked for differences.
/etc/univention/templates/files/etc/aliases
/etc/univention/templates/files/etc/apache2/sites-available/univention-directory-manager
/etc/univention/templates/files/etc/cron.d/univention-directory-reports-cleanup
/etc/univention/templates/files/etc/cron.d/univention-ox-spamrunner
/etc/univention/templates/files/etc/init.d/postfix
/etc/univention/templates/files/etc/ntp.conf
/etc/univention/templates/files/etc/postfix/main.cf.d/10_general
/etc/univention/templates/files/etc/profile
/etc/univention/templates/files/etc/ssh/sshd_config
/etc/univention/templates/files/var/www/ucs-overview/de.html.d/01de.html
/etc/univention/templates/files/var/www/ucs-overview/de.html.d/99de.html
/etc/univention/templates/files/var/www/ucs-overview/en.html.d/01en.html
/etc/univention/templates/files/var/www/ucs-overview/en.html.d/99en.html
yes seems quite so.
Samba might have been installed a while ago, but is defo not needed at all. UCS is really just an IMS for OX in this case.
any idea how to clean this thing out and best proceed for the update?
ok… that seemed to have done the job. purged all the rc packages and upgraded to 4.2-3 without problems.
But now Open-Xchange will not let anyone login anymore:
ok, I now know, what the problem is:
The TLS connection to LDAP is not being established, maybe because an old SHA1 or MD5 signed cert is being used.
We do in fact use a commodo DV cert for apache, cyrus and postfix, which does support TLS v1.0 - v1.2 however.
But is this the certificate we’re talking about for the LDAP connection? I don’t think so really.
So the question would be: How do we get the LDAP connection working, would we need to rebuild the certificate, or not?
how do you figure that the connection to the LDAP server is what’s not working? Do you have any log messages that say so?
Normally the Univention LDAP servers (both the OpenLDAP one and Samba’s) use a certificate generated by the local UCS CA. Both are independent of other services that might use official, external certificates such as web or mail servers. I’ve never seen the certificate for the LDAP servers changed to a non-UCS-CA one, and I cannot think of a good reason for such an action.
Therefore the certificate should be OK.
One possibility is that the configuration data for Open-Xchange’s authentication plugin isn’t in sync. That file is /opt/open-xchange/etc/authplugin.properties. The most important thing you can check is whether the value given in com.openexchange.authentication.ucs.bindPassword is the same as the value in the file /etc/machine.secret as the machine’s LDAP account is usually used for binding to the LDAP server. It’s possible the machine account’s been changed in the meantime, but the password hasn’t been updated in the authplugin.properties file.
A somewhat better test would be to try to run an LDAP search with the values given in the file. Run the following command (copy & paste is highly recommended) which reads all relevant connection parameters from that authplugin.properties:
