Update to OX App Suite 7.10.0 for UCS 4.3

OX App Suite 7.10.0 for UCS 4.3

With the update from UCS 4.2 to UCS 4.3-0 the OX Apps (OX App Suite, OX Documents, OX Guard) are automatically updated to version 7.10.0.

Changelog of OX App Suite App in Univention App Center:

  • Release update of Open-Xchange App Suite to version 7.10.0-10. This is a major update of the OX apps. It is therefore advisable to check the corresponding release notes of Open-Xchange before updating:
    https://forum.open-xchange.com/showthread.php?10970-Open-Xchange-releases-OX-App-Suite-v7-10-0-OX-Documents-v7-10-0-and-OX-Guard-v2-10-0
  • Integration of document viewer system (incl. a trial version of the document converter server)
  • Removal of Open-Xchange UI version 6. A new transitional package univention-ox6transition provides missing dependencies
  • Removal of OXtender
  • Removal of all open-xchange-meta-* packages
  • Removal of all transitional packages: univention-mail-antispam-ox, univention-ox-directory-integration, univention-ox-common, univention-ox-framework, open-xchange-meta-server, python-univention-ox-common, univention-ox-ui-v6
  • Handle renamed UDM mail quota property
  • Handle changed UCS 4.3 users/user options
  • Do not recreate the extended attributes on each update of OX App Suite anymore
  • Automatically create cookie salt. Change UCR variable com.openexchange.cookie.hash.salt to set it manually.
  • When updating from UCS 4.2 to UCS 4.3, the JDK/JRE will be upgraded from Java-7 to Java-8.
  • When updating from UCS 4.2, MySQL will be removed and MariaDB will be installed instead, followed by an automatic database migration.

Update procedure

If you have not made any special adjustments to the repositories, proceed as follows:

  • If OX App Suite is installed on the domain controller master, there is nothing special to consider regarding the update sequence.
  • If OX App Suite is installed on a non-master system and the domain controller master is still on UCS version 4.2-x, OX App Suite should first be updated to version 7.8.4-ucs11. Subsequently, the domain controller master and then also the OX system can be updated to UCS 4.3.
  • If OX App Suite is installed on a non-master system and the domain controller master is already installed on UCS version 4.3-x, the domain controller master must first be updated to UCS version 4.3-1 erratum 203 before the update to UCS 4.3-0 can be triggered on the OX system.

If you have chosen the “wrong” way, the update to UCS 4.3-0 may not be started and a corresponding message is written to the file /var/log/univention/updater.log (see below).

“Further release updates are available but cannot be installed.” /
“The update to UCS 4.3 is blocked because the component ‘oxseforucs_…’ is marked as required.”

To install the update to UCS 4.3-0, the app OX App Suite must be updated to at least version 7.8.4-ucs11. This update includes preparations for the update to UCS 4.3-0. In addition, the domain controller master must be updated to at least UCS version 4.3-1 erratum 203 or higher.

Please note: the update to UCS 4.3-1 erratum 203 or higher should also be performed on all domaincontroller backup systems to prevent LDAP issues in case the backup2master procedure is required later on.

“ERROR: The OX Appsuite LDAP schema registration is incorrect.” in updater.log

To correct this error, the domain controller master must be updated to version UCS 4.3-1 erratum 203 or higher. If the Domain Controller Master has been successfully updated, the UCS update to version 4.3-0 can also be installed on the UCS systems with OX App Suite.

Please note: the update to UCS 4.3-1 erratum 203 or higher should also be performed on all domaincontroller backup systems to prevent LDAP issues in case the backup2master procedure is required later on.

How do I check, if the correct LDAP schemes are registered?

Please list all OX LDAP schemes. The following snippet contains the command and a sample output:

root@master:~# udm settings/ldapschema list --filter="cn=oxforucs*" | egrep 'DN:|active'
DN: cn=oxforucs,cn=ldapschema,cn=univention,dc=nstx,dc=local
  active: TRUE

For all listed LDAP schema (may be one or two listed schemes), there must be a line that states active: TRUE.

Next check if the LDAP server uses these schemes:

root@master:~# egrep '^include.*/local-schema/oxforucs' /etc/ldap/slapd.conf
include         /var/lib/univention-ldap/local-schema/oxforucs-extra.schema
include         /var/lib/univention-ldap/local-schema/oxforucs.schema

If one or two include line are listed, everything should be fine.

All available updates are installed, I checked the LDAP schemes and they are ok, but the update to UCS 4.3-0 is still blocked

If all OX and UCS updates have been installed under UCS 4.2, the LDAP schemes are checked and ok and the update to UCS 4.3-0 is still denied, you should first check the UCR variable ox/master/42/registered_ldap_acls on the UCS Domaincontroller Master. It should be set to the value yes:

root@master:~# ucr get ox/master/42/registered_ldap_acls
yes

If not, please run the command /usr/share/univention-ox-directory-integration/reregister_ldap_schema.sh as user root on the UCS domaincontroller master and recheck everything again. Please do NOT set this value to yes manually if any other value or no value at all is set! If yes is returned, then the LDAP schemes has been registered successfully.

Afterwards please check whether login to the UCS master via SSH is possible:

eval "$(univention-config-registry shell)"
univention-ssh /etc/machine.secret ${hostname}\$@$ldap_master /usr/sbin/ucr get ox/master/42/registered_ldap_acls

This call should return a line that only contains the value yes. If this is not the case, please check if there are SSH restrictions on the UCS domaincontroller master that prevent a login via SSH with a password.

Force update

If all of the above steps do not help and you are sure the schema has been applied correctly you might use the following switch at your own risk. Perform a backup before doing so!

ucr set update43/ignore_ox_schema_issue=yes

After this, start the update procedure again.
Please note, that by setting this UCR variable, the schema issue is most likely not fixed . It will only suppress the safety check and allows to continues the update to UCS 4.3-0.
It is strongly recommended that any schema customization issues that occured are investigated and resolved at the latest after the update to UCS 4.3-1 erratum 203 and before any other update of OX App Suite on UCS 4.3. Otherwise, serious problems may occur with later updates of OX App Suite.

Mastodon