Updated some sieve templates

[gosa.git] / gosa-si / modules / ClientPackages.pm

diff --git a/gosa-si/modules/ClientPackages.pm b/gosa-si/modules/ClientPackages.pm
index c64264a1be58127c66af8db8ccaf988bf967719e..f714cd46608c47190ce216a4742670e9586fe968 100644 (file)
--- a/gosa-si/modules/ClientPackages.pm
+++ b/gosa-si/modules/ClientPackages.pm
@@ -1,12 +1,11 @@
 package ClientPackages;
 
-use Exporter;
-@ISA = ("Exporter");
-
 # Each module has to have a function 'process_incoming_msg'. This function works as a interface to gosa-sd and receives the msg hash from gosa-sd. 'process_incoming_function checks, wether it has a function to process the incoming msg and forward the msg to it. 
 
 use strict;
 use warnings;
+
+use Exporter;
 use GOSA::GosaSupportDaemon;
 use IO::Socket::INET;
 use XML::Simple;
@@ -17,6 +16,8 @@ use Net::LDAP::Util;
 use Socket;
 use Net::hostent;
 
+our @ISA = ("Exporter");
+
 my $event_dir = "/usr/lib/gosa-si/server/ClientPackages";
 use lib "/usr/lib/gosa-si/server/ClientPackages";
 
@@ -24,10 +25,8 @@ BEGIN{}
 END {}
 
 my ($server_ip, $server_port, $ClientPackages_key, $max_clients, $ldap_uri, $ldap_base, $ldap_admin_dn, $ldap_admin_password, $server_interface);
-#my ($bus_activ, $bus_key, $bus_ip, $bus_port);
 my $server;
 my $network_interface;
-#my $no_bus;
 my (@ldap_cfg, @pam_cfg, @nss_cfg, $goto_admin, $goto_secret);
 my $mesg;
 
@@ -64,11 +63,19 @@ my ($error, $result, $event_hash) = &import_events($event_dir);
 
 foreach my $log_line (@$result) {
     if ($log_line =~ / succeed: /) {
-        &main::daemon_log("0 DEBUG: ClientPackages - $log_line", 7);
+        &main::daemon_log("0 INFO: ClientPackages - $log_line", 5);
     } else {
         &main::daemon_log("0 ERROR: ClientPackages - $log_line", 1);
     }
 }
+# build vice versa event_hash, event_name => module
+my $event2module_hash = {};
+while (my ($module, $mod_events) = each %$event_hash) {
+    while (my ($event_name, $nothing) = each %$mod_events) {
+        $event2module_hash->{$event_name} = $module;
+    }
+
+}
 
 # Unit tag can be defined in config
 if((not defined($main::gosa_unit_tag)) || length($main::gosa_unit_tag) == 0) {
@@ -139,12 +146,39 @@ if((not defined($main::gosa_unit_tag)) || length($main::gosa_unit_tag) == 0) {
        } else {
                &main::daemon_log("0 INFO: Using gosaUnitTag from config-file: $main::gosa_unit_tag",5);
        }
+    &main::release_ldap_handle($ldap_handle);
 }
 
 
 my $server_address = "$server_ip:$server_port";
 $main::server_address = $server_address;
 
+{
+  # Check if ou=incoming exists
+  # TODO: This should be transferred to a module init-function
+  my $ldap_handle = &main::get_ldap_handle();
+  if( defined($ldap_handle) ) {
+    &main::daemon_log("0 INFO: Searching for ou=incoming container for new clients", 5);
+    # Perform search
+    my $mesg = $ldap_handle->search(
+      base   => $ldap_base,
+      scope  => 'one',
+      filter => "(&(ou=incoming)(objectClass=organizationalUnit))"
+    );
+    if(not defined($mesg->count) or $mesg->count == 0) {
+            my $incomingou = Net::LDAP::Entry->new();
+            $incomingou->dn('ou=incoming,'.$ldap_base);
+            $incomingou->add('objectClass' => 'organizationalUnit');
+            $incomingou->add('ou' => 'incoming');
+            my $result = $incomingou->update($ldap_handle);
+            if($result->code != 0) {
+                &main::daemon_log("0 ERROR: Problem adding ou=incoming: '".$result->error()."'!", 1);
+            }
+    }
+  }
+  &main::release_ldap_handle($ldap_handle);
+}
+
 
 ### functions #################################################################
 
@@ -152,6 +186,7 @@ $main::server_address = $server_address;
 sub get_module_info {
     my @info = ($server_address,
                 $ClientPackages_key,
+                $event_hash,
                 );
     return \@info;
 }
@@ -269,26 +304,24 @@ sub process_incoming_msg {
     # skip PREFIX
     $header =~ s/^CLMSG_//;
 
-    &main::daemon_log("$session_id DEBUG: ClientPackages: msg to process: $header", 7);
+    &main::daemon_log("$session_id DEBUG: ClientPackages: msg to process: $header", 26);
 
     if( 0 == length @target_l){     
         &main::daemon_log("$session_id ERROR: no target specified for msg $header", 1);
         $error++;
-    }
-
-    if( 1 == length @target_l) {
+    } elsif( 1 == length @target_l) {
         my $target = $target_l[0];
-               if(&server_matches($target)) {
+               if(&server_matches($target, $session_id)) {
             if ($header eq 'new_key') {
                 @out_msg_l = &new_key($msg_hash)
             } elsif ($header eq 'here_i_am') {
                 @out_msg_l = &here_i_am($msg, $msg_hash, $session_id)
             } else {
                 # a event exists with the header as name
-                if( exists $event_hash->{$header} ) {
-                    &main::daemon_log("$session_id INFO: found event '$header' at event-module '".$event_hash->{$header}."'", 5);
+                if( exists $event2module_hash->{$header} ) {
+                    &main::daemon_log("$session_id DEBUG: found event '$header' at event-module '".$event2module_hash->{$header}."'", 26);
                     no strict 'refs';
-                    @out_msg_l = &{$event_hash->{$header}."::$header"}($msg, $msg_hash, $session_id);
+                    @out_msg_l = &{$event2module_hash->{$header}."::$header"}($msg, $msg_hash, $session_id);
 
                 # if no event handler is implemented   
                 } else {
@@ -330,19 +363,14 @@ sub process_incoming_msg {
                 @out_msg_l = ();
             }  elsif ($out_msg_l[0] eq 'knownclienterror') {
                 &main::daemon_log("$session_id ERROR: no or more than 1 hits are found at known_clients_db with sql query: '$sql_events'", 1);
-                &main::daemon_log("$session_id WARNING: processing is aborted and message will not be forwarded");
+                &main::daemon_log("$session_id ERROR: processing is aborted and message will not be forwarded", 1);
                 @out_msg_l = ();
             } elsif ($out_msg_l[0] eq 'noeventerror') {
-                &main::daemon_log("$session_id WARNING: client '$target' is not registered for event '$header', processing is aborted", 1); 
+                &main::daemon_log("$session_id ERROR: client '$target' is not registered for event '$header', processing is aborted", 1); 
                 @out_msg_l = ();
             }
-
-
-
-
-        }
-               else {
-                       &main::daemon_log("INFO: msg is not for gosa-si-server '$server_address', deliver it to target '$target'", 5);
+        } else {
+                       &main::daemon_log("DEBUG: msg is not for gosa-si-server '$server_address', deliver it to target '$target'", 26);
                        push(@out_msg_l, $msg);
                }
     }
@@ -424,9 +452,9 @@ sub here_i_am {
     if ( defined($msg_hash->{'force-hostname'}[0]) &&
        length($msg_hash->{'force-hostname'}[0]) > 0){
     #      $heap->{force-hostname}->{$mac_address}= $msg_hash->{'force-hostname'}[0];
-           open (TFILE, ">/var/tmp/$mac_address");
-           print TFILE $msg_hash->{'force-hostname'}[0];
-           close (TFILE); 
+           open (my $TFILE, ">", "/var/tmp/$mac_address");
+           print $TFILE $msg_hash->{'force-hostname'}[0];
+           close ($TFILE); 
     } else {
     #      $heap->{force-hostname}->{$mac_address}= undef;
        if ( -e "/var/tmp/$mac_address") {
@@ -442,16 +470,16 @@ sub here_i_am {
     my $db_res= $main::known_clients_db->select_dbentry( $sql_statement );
     
     if ( 1 == keys %{$db_res} ) {
-        &main::daemon_log("$session_id WARNING: $source is already known as a client", 1);
-        &main::daemon_log("$session_id WARNING: values for $source are being overwritten", 1);   
+        &main::daemon_log("$session_id WARNING: $source is already known as a client", 3);
+        &main::daemon_log("$session_id WARNING: values for $source are being overwritten", 3);   
         $nu_clients --;
     }
 
-    # number of actual activ clients
+    # number of current active clients
     my $act_nu_clients = $nu_clients;
 
-    &main::daemon_log("$session_id INFO: number of actual activ clients: $act_nu_clients", 5);
-    &main::daemon_log("$session_id INFO: number of maximal allowed clients: $max_clients", 5);
+    &main::daemon_log("$session_id DEBUG: number of current active clients: $act_nu_clients", 26);
+    &main::daemon_log("$session_id DEBUG: number of maximal allowed clients: $max_clients", 26);
 
     if($max_clients <= $act_nu_clients) {
         my $out_hash = &create_xml_hash("denied", $server_address, $source);
@@ -479,14 +507,13 @@ sub here_i_am {
                                                 } );
 
     if ($res != 0)  {
-        &main::daemon_log("$session_id ERROR: cannot add entry to known_clients: $res");
+        &main::daemon_log("$session_id ERROR: cannot add entry to known_clients: $res",1);
         return;
     }
     
     # return acknowledgement to client
     $out_hash = &create_xml_hash("registered", $server_address, $source);
 
-
     # give the new client his ldap config
     # Workaround: Send within the registration response, if the client will get an ldap config later
        my $new_ldap_config_out = &new_ldap_config($source, $session_id);
@@ -499,7 +526,7 @@ sub here_i_am {
                "SET status='error', result='$new_ldap_config_out' ".
                "WHERE status='processing' AND macaddress LIKE '$mac_address'";
                my $res = $main::job_db->update_dbentry($sql_statement);
-               &main::daemon_log("$session_id DEBUG: $sql_statement RESULT: $res", 7);         
+               &main::daemon_log("$session_id DEBUG: $sql_statement RESULT: $res", 26);         
        }
     my $register_out = &create_xml_string($out_hash);
     push(@out_msg_l, $register_out);
@@ -509,18 +536,63 @@ sub here_i_am {
             push(@out_msg_l, $new_ldap_config_out);
     }
 
+    # Send client hardware configuration
        my $hardware_config_out = &hardware_config($msg, $msg_hash, $session_id);
        if( $hardware_config_out ) {
                push(@out_msg_l, $hardware_config_out);
        }
 
+    # Send client ntp server
+    my $ntp_config_out = &new_ntp_config($mac_address, $session_id);
+    if ($ntp_config_out) {
+        push(@out_msg_l, $ntp_config_out);
+    }
+
+    # Send client syslog server
+    my $syslog_config_out = &new_syslog_config($mac_address, $session_id);
+    if ($syslog_config_out) {
+        push(@out_msg_l, $syslog_config_out);
+    }
+
+    # update ldap entry if exists
+    my $ldap_handle= &main::get_ldap_handle();
+    my $ldap_res= $ldap_handle->search(
+                base   => $ldap_base,
+                scope  => 'sub',
+                #attrs => ['ipHostNumber'],
+                filter => "(&(objectClass=GOhard)(macAddress=$mac_address))");
+    if($ldap_res->code) {
+            &main::daemon_log("$session_id ERROR: LDAP Entry for client with mac address $mac_address not found: ".$ldap_res->error, 1);
+    } elsif ($ldap_res->count != 1) {
+            &main::daemon_log("$session_id ERROR: client with mac address $mac_address not found/unique/active - not updating ldap entry".
+                            "\n\tbase: $ldap_base".
+                            "\n\tscope: sub".
+                            "\n\tattrs: ipHostNumber".
+                            "\n\tfilter: (&(objectClass=GOhard)(macaddress=$mac_address))", 1);
+    } else {
+            my $entry= $ldap_res->pop_entry();
+            my $ip_address= $entry->get_value('ipHostNumber');
+            my $source_ip= ($1) if $source =~ /^([0-9\.]*?):[0-9]*$/;
+            if(not defined($ip_address) and defined($source_ip)) {
+                $entry->add( 'ipHostNumber' => $source_ip );
+                my $mesg= $entry->update($ldap_handle);
+                $mesg->code && &main::daemon_log("$session_id ERROR: Updating IP Address for client with mac address $mac_address failed with '".$mesg->mesg()."'", 1);
+            } elsif(defined($source_ip) and not ($source_ip eq $ip_address)) {
+                $entry->replace( 'ipHostNumber' => $source_ip );
+                my $mesg= $entry->update($ldap_handle);
+                $mesg->code && &main::daemon_log("$session_id ERROR: Updating IP Address for client with mac address $mac_address failed with '".$mesg->mesg()."'", 1);
+            } elsif (not defined($source_ip)) {
+                &main::daemon_log("ERROR: Could not parse source value '$source' perhaps not an ip address?", 1);
+            }
+    }
+    &main::release_ldap_handle($ldap_handle);
+
     # notify registered client to all other server
     my %mydata = ( 'client' => $source, 'macaddress' => $mac_address);
     my $mymsg = &build_msg('new_foreign_client', $main::server_address, "KNOWN_SERVER", \%mydata);
     push(@out_msg_l, $mymsg);
 
-    &main::daemon_log("$session_id INFO: register client $source ($mac_address)", 5);
-    &main::daemon_log("$session_id INFO: client version: $client_status - $client_revision", 5); 
+    &main::daemon_log("$session_id INFO: register client $source ($mac_address), $client_status - $client_revision", 5);
     return @out_msg_l;
 }
 
@@ -538,7 +610,7 @@ sub who_has {
     # what is your search pattern
     my $search_pattern = @{$msg_hash->{who_has}}[0];
     my $search_element = @{$msg_hash->{$search_pattern}}[0];
-    &main::daemon_log("who_has-msg looking for $search_pattern $search_element", 7);
+    #&main::daemon_log("who_has-msg looking for $search_pattern $search_element", 7);
 
     # scanning known_clients for search_pattern
     my @host_addresses = keys %$main::known_clients;
@@ -574,6 +646,159 @@ sub who_has_i_do {
 }
 
 
+sub new_syslog_config {
+    my ($mac_address, $session_id) = @_;
+    my $syslog_msg;
+    my $ldap_handle=&main::get_ldap_handle();
+
+       # Perform search
+    my $ldap_res = $ldap_handle->search( base   => $ldap_base,
+               scope  => 'sub',
+               attrs => ['gotoSyslogServer'],
+               filter => "(&(objectClass=GOhard)(macaddress=$mac_address))");
+       if($ldap_res->code) {
+               &main::daemon_log("$session_id ERROR: new_syslog_config: ldap search: ".$ldap_res->error, 1);
+        &main::release_ldap_handle($ldap_handle);
+               return;
+       }
+
+       # Sanity check
+       if ($ldap_res->count != 1) {
+               &main::daemon_log("$session_id ERROR: client with mac address $mac_address not found/unique/active - not sending syslog config".
+                "\n\tbase: $ldap_base".
+                "\n\tscope: sub".
+                "\n\tattrs: gotoSyslogServer".
+                "\n\tfilter: (&(objectClass=GOhard)(macaddress=$mac_address))", 1);
+        &main::release_ldap_handle($ldap_handle);
+               return;
+       }
+
+       my $entry= $ldap_res->entry(0);
+    my $filter_dn = &Net::LDAP::Util::escape_filter_value($entry->dn);
+       my $syslog_server = $entry->get_value("gotoSyslogServer");
+
+    # If no syslog server is specified at host, just have a look at the object group of the host
+    # Perform object group search
+    if (not defined $syslog_server) {
+        my $ldap_res = $ldap_handle->search( base   => $ldap_base,
+                scope  => 'sub',
+                attrs => ['gotoSyslogServer'],
+                filter => "(&(gosaGroupObjects=[W])(objectClass=gosaGroupOfNames)(member=$filter_dn))");
+        if($ldap_res->code) {
+            &main::daemon_log("$session_id ERROR: new_syslog_config: ldap search: ".$ldap_res->error, 1);
+            &main::release_ldap_handle($ldap_handle);
+            return;
+        }
+
+        # Sanity check
+        if ($ldap_res->count != 1) {
+            &main::daemon_log("$session_id ERROR: client with mac address $mac_address not found/unique/active - not sending syslog config".
+                    "\n\tbase: $ldap_base".
+                    "\n\tscope: sub".
+                    "\n\tattrs: gotoSyslogServer".
+                    "\n\tfilter: (&(gosaGroupObjects=[W])(objectClass=gosaGroupOfNames)(member=$filter_dn))", 1);
+            &main::release_ldap_handle($ldap_handle);
+            return;
+        }
+
+        my $entry= $ldap_res->entry(0);
+        $syslog_server= $entry->get_value("gotoSyslogServer");
+    }
+
+    # Return if no syslog server specified
+    if (not defined $syslog_server) {
+        &main::daemon_log("$session_id WARNING: no syslog server specified for this host '$mac_address'", 3);
+        &main::release_ldap_handle($ldap_handle);
+        return;
+    }
+
+ 
+    # Add syslog server to 'syslog_config' message
+    my $syslog_msg_hash = &create_xml_hash("new_syslog_config", $server_address, $mac_address);
+    &add_content2xml_hash($syslog_msg_hash, "server", $syslog_server);
+
+    &main::release_ldap_handle($ldap_handle);
+    return &create_xml_string($syslog_msg_hash);
+}
+
+
+sub new_ntp_config {
+    my ($address, $session_id) = @_;
+    my $ntp_msg;
+    my $ldap_handle=&main::get_ldap_handle();
+
+       # Perform search
+    my $ldap_res = $ldap_handle->search( base   => $ldap_base,
+               scope  => 'sub',
+               attrs => ['gotoNtpServer'],
+               filter => "(&(objectClass=GOhard)(macaddress=$address))");
+       if($ldap_res->code) {
+               &main::daemon_log("$session_id ERROR: new_ntp_config: ldap search: ".$ldap_res->error, 1);
+        &main::release_ldap_handle($ldap_handle);
+               return;
+       }
+
+       # Sanity check
+       if ($ldap_res->count != 1) {
+               &main::daemon_log("$session_id ERROR: client with mac address $address not found/unique/active - not sending ntp config".
+                "\n\tbase: $ldap_base".
+                "\n\tscope: sub".
+                "\n\tattrs: gotoNtpServer".
+                "\n\tfilter: (&(objectClass=GOhard)(macaddress=$address))", 1);
+        &main::release_ldap_handle($ldap_handle);
+               return;
+       }
+
+       my $entry= $ldap_res->entry(0);
+    my $filter_dn = &Net::LDAP::Util::escape_filter_value($entry->dn);
+       my @ntp_servers= $entry->get_value("gotoNtpServer");
+
+    # If no ntp server is specified at host, just have a look at the object group of the host
+    # Perform object group search
+    if ((not @ntp_servers) || (@ntp_servers == 0)) {
+        my $ldap_res = $ldap_handle->search( base   => $ldap_base,
+                scope  => 'sub',
+                attrs => ['gotoNtpServer'],
+                filter => "(&(gosaGroupObjects=[W])(objectClass=gosaGroupOfNames)(member=$filter_dn))");
+        if($ldap_res->code) {
+            &main::daemon_log("$session_id ERROR: new_ntp_config: ldap search: ".$ldap_res->error, 1);
+            &main::release_ldap_handle($ldap_handle);
+            return;
+        }
+
+        # Sanity check
+        if ($ldap_res->count != 1) {
+            &main::daemon_log("$session_id ERROR: client with mac address $address not found/unique/active - not sending ntp config".
+                    "\n\tbase: $ldap_base".
+                    "\n\tscope: sub".
+                    "\n\tattrs: gotoNtpServer".
+                    "\n\tfilter: (&(gosaGroupObjects=[W])(objectClass=gosaGroupOfNames)(member=$filter_dn))", 1);
+            &main::release_ldap_handle($ldap_handle);
+            return;
+        }
+
+        my $entry= $ldap_res->entry(0);
+        @ntp_servers= $entry->get_value("gotoNtpServer");
+    }
+
+    # Return if no ntp server specified
+    if ((not @ntp_servers) || (@ntp_servers == 0)) {
+        &main::daemon_log("$session_id WARNING: no ntp server specified for this host '$address'", 3);
+        &main::release_ldap_handle($ldap_handle);
+        return;
+    }
+ 
+    # Add each ntp server to 'ntp_config' message
+    my $ntp_msg_hash = &create_xml_hash("new_ntp_config", $server_address, $address);
+    foreach my $ntp_server (@ntp_servers) {
+        &add_content2xml_hash($ntp_msg_hash, "server", $ntp_server);
+    }
+
+    &main::release_ldap_handle($ldap_handle);
+    return &create_xml_string($ntp_msg_hash);
+}
+
+
 #===  FUNCTION  ================================================================
 #         NAME:  new_ldap_config
 #   PARAMETERS:  address - string - ip address and port of a host
@@ -589,53 +814,51 @@ sub new_ldap_config {
        # check hit
        my $hit_counter = keys %{$res};
        if( not $hit_counter == 1 ) {
-               &main::daemon_log("$session_id ERROR: more or no hit found in known_clients_db by query '$sql_statement'", 1);
+               &main::daemon_log("$session_id ERROR: new_ldap_config: more or no hit found in known_clients_db by query '$sql_statement'", 1);
+        return;
        }
 
     $address = $res->{1}->{hostname};
        my $macaddress = $res->{1}->{macaddress};
        my $hostkey = $res->{1}->{hostkey};
-
+       
        if (not defined $macaddress) {
-               &main::daemon_log("$session_id ERROR: no mac address found for client $address", 1);
+               &main::daemon_log("$session_id ERROR: new_ldap_config: no mac address found for client $address", 1);
                return;
        }
 
-       # Build LDAP connection
-    my $ldap_handle = &main::get_ldap_handle($session_id);
-       if( not defined $ldap_handle ) {
-               &main::daemon_log("$session_id ERROR: cannot connect to ldap: $ldap_uri", 1);
-               return;
-       } 
-
        # Perform search
+    my $ldap_handle=&main::get_ldap_handle();
     $mesg = $ldap_handle->search( base   => $ldap_base,
                scope  => 'sub',
                attrs => ['dn', 'gotoLdapServer', 'gosaUnitTag', 'FAIclass'],
                filter => "(&(objectClass=GOhard)(macaddress=$macaddress))");
        if($mesg->code) {
-               &main::daemon_log("$session_id ".$mesg->error, 1);
+               &main::daemon_log("$session_id ERROR: new_ldap_config: ldap search: ".$mesg->error, 1);
+        &main::release_ldap_handle($ldap_handle);
                return;
        }
 
        # Sanity check
        if ($mesg->count != 1) {
-               &main::daemon_log("$session_id WARNING: client with mac address $macaddress not found/unique/active - not sending ldap config".
+               &main::daemon_log("$session_id ERROR: client with mac address $macaddress not found/unique/active - not sending ldap config".
                 "\n\tbase: $ldap_base".
                 "\n\tscope: sub".
                 "\n\tattrs: dn, gotoLdapServer".
                 "\n\tfilter: (&(objectClass=GOhard)(macaddress=$macaddress))", 1);
+        &main::release_ldap_handle($ldap_handle);
                return;
        }
 
        my $entry= $mesg->entry(0);
-       my $dn= $entry->dn;
+       my $filter_dn= &Net::LDAP::Util::escape_filter_value($entry->dn);
        my @servers= $entry->get_value("gotoLdapServer");
        my $unit_tag= $entry->get_value("gosaUnitTag");
        my @ldap_uris;
        my $server;
        my $base;
        my $release;
+    my $dn= $entry->dn;
 
        # Fill release if available
        my $FAIclass= $entry->get_value("FAIclass");
@@ -645,22 +868,24 @@ sub new_ldap_config {
 
        # Do we need to look at an object class?
        if (not @servers){
-          my $escaped_dn = &Net::LDAP::Util::escape_dn_value($dn);
                $mesg = $ldap_handle->search( base   => $ldap_base,
                        scope  => 'sub',
                        attrs => ['dn', 'gotoLdapServer', 'FAIclass'],
-                       filter => "(&(objectClass=gosaGroupOfNames)(member=$escaped_dn))");
+                       filter => "(&(gosaGroupObjects=[W])(objectClass=gosaGroupOfNames)(member=$filter_dn))");
                if($mesg->code) {
-                       &main::daemon_log("$session_id ERROR: unable to search for '(&(objectClass=gosaGroupOfNames)(member=$dn))': ".$mesg->error, 1);
+                       &main::daemon_log("$session_id ERROR: new_ldap_config: unable to search for '(&(objectClass=gosaGroupOfNames)(member=$filter_dn))': ".$mesg->error, 1);
+            &main::release_ldap_handle($ldap_handle);
                        return;
                }
 
                # Sanity check
-               if ($mesg->count == 0) {
-                       &main::daemon_log("$session_id WARNING: no LDAP informations found for client  with filter '(&(objectClass=gosaGroupOfNames)(member=$dn))'", 3);
-                       return;
-               } elsif ($mesg->count >= 2) {
-            &main::daemon_log("$session_id ERROR: multiple LDAP informations found for client  with filter '(&(objectClass=gosaGroupOfNames)(member=$dn))'", 1);
+        if ($mesg->count != 1) {
+            &main::daemon_log("$session_id ERROR: new_ldap_config: client with mac address $macaddress not found/unique/active - not sending ldap config".
+                    "\n\tbase: $ldap_base".
+                    "\n\tscope: sub".
+                    "\n\tattrs: dn, gotoLdapServer, FAIclass".
+                    "\n\tfilter: (&(gosaGroupObjects=[W])(objectClass=gosaGroupOfNames)(member=$filter_dn))", 1);
+            &main::release_ldap_handle($ldap_handle);
             return;
         }
 
@@ -680,7 +905,7 @@ sub new_ldap_config {
 
     # complain if no ldap information found
     if (@servers == 0) {
-        &main::daemon_log("$session_id ERROR: no gotoLdapServer information for LDAP entry with filter '(&(objectClass=gosaGroupOfNames)(member=$dn))'");
+        &main::daemon_log("$session_id ERROR: no gotoLdapServer information for LDAP entry '$dn'", 1);
     }
 
        foreach $server (@servers){
@@ -722,13 +947,15 @@ sub new_ldap_config {
                        filter => "(&(objectClass=gosaAdministrativeUnit)(gosaUnitTag=$unit_tag))");
                #$mesg->code && die $mesg->error;
                if($mesg->code) {
-                       &main::daemon_log($mesg->error, 1);
+                       &main::daemon_log("$session_id ERROR: new_ldap_config: ldap search: ".$mesg->error, 1);
+            &main::release_ldap_handle($ldap_handle);
                        return "error-unit-tag-count-0";
                }
 
                # Sanity check
                if ($mesg->count != 1) {
-                       &main::daemon_log("WARNING: cannot find administrative unit for client with tag $unit_tag", 1);
+                       &main::daemon_log("WARNING: cannot find administrative unit for client with tag $unit_tag", 3);
+            &main::release_ldap_handle($ldap_handle);
                        return "error-unit-tag-count-".$mesg->count;
                }
 
@@ -739,6 +966,7 @@ sub new_ldap_config {
                # Append unit Tag
                $data{'unit_tag'}= $unit_tag;
        }
+    &main::release_ldap_handle($ldap_handle);
 
        # Send information
        return &build_msg("new_ldap_config", $server_address, $address, \%data);
@@ -763,24 +991,18 @@ sub hardware_config {
        # check hit
        my $hit_counter = keys %{$res};
        if( not $hit_counter == 1 ) {
-               &main::daemon_log("$session_id ERROR: more or no hit found in known_clients_db by query by '$address'", 1);
+               &main::daemon_log("$session_id ERROR: hardware_config: more or no hit found in known_clients_db by query by '$address'", 1);
        }
        my $macaddress = $res->{1}->{macaddress};
        my $hostkey = $res->{1}->{hostkey};
 
        if (not defined $macaddress) {
-               &main::daemon_log("$session_id ERROR: no mac address found for client $address", 1);
+               &main::daemon_log("$session_id ERROR: hardware_config: no mac address found for client $address", 1);
                return;
        }
 
-       # Build LDAP connection
-    my $ldap_handle = &main::get_ldap_handle($session_id);
-       if( not defined $ldap_handle ) {
-               &main::daemon_log("$session_id ERROR: cannot connect to ldap: $ldap_uri", 1);
-               return;
-       } 
-
        # Perform search
+    my $ldap_handle=&main::get_ldap_handle();
        $mesg = $ldap_handle->search(
                base   => $ldap_base,
                scope  => 'sub',
@@ -788,7 +1010,7 @@ sub hardware_config {
        );
 
        if($mesg->count() == 0) {
-               &main::daemon_log("Host was not found in LDAP!", 1);
+               &main::daemon_log("$session_id INFO: Host was not found in LDAP!", 5);
 
                # set status = hardware_detection at jobqueue if entry exists
                # TODO
@@ -812,15 +1034,15 @@ sub hardware_config {
        
        } else {
                my $entry= $mesg->entry(0);
-               my $dn= $entry->dn;
                if (defined($entry->get_value("gotoHardwareChecksum"))) {
-                       if (! $entry->get_value("gotoHardwareChecksum") eq $gotoHardwareChecksum) {
+                       if (! ($entry->get_value("gotoHardwareChecksum") eq $gotoHardwareChecksum)) {
                                $entry->replace(gotoHardwareChecksum => $gotoHardwareChecksum);
                                if($entry->update($ldap_handle)) {
                                        &main::daemon_log("$session_id INFO: Hardware changed! Detection triggered.", 5);
                                }
                        } else {
                                # Nothing to do
+                &main::release_ldap_handle($ldap_handle);
                                return;
                        }
                } 
@@ -835,12 +1057,14 @@ sub hardware_config {
                $data{'goto_secret'}= $goto_secret;
        }
 
+    &main::release_ldap_handle($ldap_handle);
+
        # Send information
        return &build_msg("detect_hardware", $server_address, $address, \%data);
 }
 
 sub server_matches {
-       my $target = shift;
+    my ($target, $session_id) = @_ ;
        my $target_ip = ($1) if $target =~ /^([0-9\.]*?):.*$/;
        if(!defined($target_ip) or length($target_ip) == 0) {
                return;
@@ -858,12 +1082,12 @@ sub server_matches {
                } else {
                        my $PROC_NET_ROUTE= ('/proc/net/route');
 
-                       open(PROC_NET_ROUTE, "<$PROC_NET_ROUTE")
+                       open(my $FD_PROC_NET_ROUTE, "<", "$PROC_NET_ROUTE")
                                or die "Could not open $PROC_NET_ROUTE";
 
-                       my @ifs = <PROC_NET_ROUTE>;
+                       my @ifs = <$FD_PROC_NET_ROUTE>;
 
-                       close(PROC_NET_ROUTE);
+                       close($FD_PROC_NET_ROUTE);
 
                        # Eat header line
                        shift @ifs;
@@ -884,7 +1108,7 @@ sub server_matches {
                        }
                }
        } else {
-               &main::daemon_log("Target ip $target_ip does not match Server ip $server_ip",1);
+               &main::daemon_log("$session_id INFO: Target ip $target_ip does not match Server ip $server_ip",5);
        }
 
        return $result;