Comment 1 Philipp Hahn 2013-07-08 15:36:32 CEST

At least user LDAP object can be exempted from the licence check; the following EA is enough to even do this with UCS tools:
# udm settings/extended_attribute create \
 --position "cn=custom attributes,cn=univention,$(ucr get ldap/base)" \
 --set name=LicenceFlag \
 --set shortDescription="Object flag" \
 --set longDescription="One of hidden, systemuser, temporary, ..." \
 --set syntax=string \
 --set default=temporary \
 --set mayChange=1 \
 --set objectClass=univentionObject \
 --set ldapMapping=univentionObjectFlag \
 --set tabName=Licence \
 --set groupName=Licence \
 --set tabAdvanced=1 \
 --set module=users/user
# udm users/user list |
 sed -ne 's/^DN: //p' |
 xargs -r -n1 -d'\n' udm users/user modify --set LicenceFlag=temporary --dn
# univention-license-check | grep ^Users
Users:                       0 of        5... OK

I really hope someone thought about the consequences of adding that feature to UCS ...

Comment 2 Stefan Gohmann 2013-09-12 09:03:17 CEST

(In reply to Philipp Hahn from comment #1)
> At least user LDAP object can be exempted from the licence check; the

This issue is independent from the license question. That is Bug #31874 and we did not yet decide if we want to change the behavior.

For this, we should create an extended attribute for univentionObjectFlag. This attribute should be appended to users, groups and computers. The syntax should be defined with a syntax selection: at least temporary and hidden should be available.

The attribute itself should not be shown in UMC.

Comment 3 Alexander Kläser 2013-09-24 16:09:00 CEST

(In reply to Stefan Gohmann from comment #2)
> ...
> The attribute itself should not be shown in UMC.

It could be shown in the LDAP navigation and not in any specific module views

Comment 4 Dirk Wiesenthal 2013-10-07 19:08:03 CEST

Bug#32750: I named the UDM attribute objectFlag. The flag which causes an object to be hidden is "hidden".

I implemented a fallback for those modules that do not have that attribute (currently no module has that). Will this bug add univentionObjectFlag to all UDM modules or just users? I need the attribute in the mapping (otherwise lookup() will not recognize it) for each module that wants to support hidden objects.

Index: modules/univention/admin/handlers/users/user.py
===================================================================
--- modules/univention/admin/handlers/users/user.py     (Revision 44815)
+++ modules/univention/admin/handlers/users/user.py     (Arbeitskopie)
@@ -887,6 +887,16 @@
                        may_change=1,
                        identifies=0
                ),
+       'objectFlag' : univention.admin.property(
+                       short_description=_('Flags for this user'),
+                       long_description='',
+                       syntax=univention.admin.syntax.string,
+                       dontsearch=1,
+                       multivalue=1,
+                       required=0,
+                       may_change=1,
+                       identifies=0
+               ),
 }
 
 # append CTX properties
@@ -1203,6 +1213,7 @@
 mapping.register('gecos', 'gecos', None, univention.admin.mapping.ListToString)
 mapping.register('displayName', 'displayName', None, univention.admin.mapping.ListToString)
 mapping.register('birthday', 'univentionBirthday', None, univention.admin.mapping.ListToString)
+mapping.register('objectFlag', 'univentionObjectFlag')
 
 def mapKeyAndValue(old):
        lst = []

Comment 5 Stefan Gohmann 2013-10-07 22:11:11 CEST

I think we should use an extended attribute. At least users, groups and computers should use it.

Comment 6 Stefan Gohmann 2013-10-16 00:11:00 CEST

Users and groups can not be loaded in UMC if this extended attribute is available. The progress bar stalls at 99%. After removing this extended attributes everything works fine.

Comment 7 Alexander Kläser 2013-10-16 11:38:11 CEST

(In reply to Stefan Gohmann from comment #6)
> Users and groups can not be loaded in UMC if this extended attribute is
> available. The progress bar stalls at 99%. After removing this extended
> attributes everything works fine.

I opened Bug 32877 for that.

Comment 8 Felix Botner 2013-10-16 12:52:26 CEST

added 18python-univention-directory-manager.inst to python-univention-directory-manager to create ext. attribute objectFlag. Possibles values are hidden and temporary (admin.syntax.ObjectFlag).

Comment 9 Philipp Hahn 2013-10-28 23:36:00 CET

OK: ChangeLog
OK: 45234,45157,45119,45093,45091
OK: udm settings/extended_attribute list --filter CLIName=objectFlag
OK: udm "computers/$(ucr get server/role)" modify --dn "$(ucr get ldap/hostdn)" --set objectFlag=hidden
OK: udm "computers/$(ucr get server/role)" modify --dn "$(ucr get ldap/hostdn)" --set objectFlag=temporary
OK: udm "computers/$(ucr get server/role)" modify --dn "$(ucr get ldap/hostdn)" --set objectFlag=
OK: univention-ldapsearch -xLLLb `ucr get ldap/hostdn` univentionObjectFlag
OK: univention-ldapsearch -xLLLb "cn=Subschema" -s base objectClasses | ldapsearch-wrapper | grep '\<univentionObject\>'
OK: univention-ldapsearch -xLLLb "cn=Subschema" -s base attributeTypes | ldapsearch-wrapper | grep '\<univentionObjectFlag\>'

FYI: The LDAP-schema does not limit the attribute to SINGLE-VALUE, so the UDM property definition should probably set "multivalue=1" as done in comment 4.

Comment 10 Stefan Gohmann 2013-11-19 06:41:42 CET

UCS 3.2 has been released:
 http://docs.univention.de/release-notes-3.2-en.html
 http://docs.univention.de/release-notes-3.2-de.html

If this error occurs again, please use "Clone This Bug".