Univention Bugzilla – Bug 31408
Set univentionObjectFlag via UDM
Last modified: 2013-11-19 06:41:42 CET
It would be nice if univentionObjectFlag can be set via the UDM interface (CLI and python API).
At least user LDAP object can be exempted from the licence check; the following EA is enough to even do this with UCS tools: # udm settings/extended_attribute create \ --position "cn=custom attributes,cn=univention,$(ucr get ldap/base)" \ --set name=LicenceFlag \ --set shortDescription="Object flag" \ --set longDescription="One of hidden, systemuser, temporary, ..." \ --set syntax=string \ --set default=temporary \ --set mayChange=1 \ --set objectClass=univentionObject \ --set ldapMapping=univentionObjectFlag \ --set tabName=Licence \ --set groupName=Licence \ --set tabAdvanced=1 \ --set module=users/user # udm users/user list | sed -ne 's/^DN: //p' | xargs -r -n1 -d'\n' udm users/user modify --set LicenceFlag=temporary --dn # univention-license-check | grep ^Users Users: 0 of 5... OK I really hope someone thought about the consequences of adding that feature to UCS ...
(In reply to Philipp Hahn from comment #1) > At least user LDAP object can be exempted from the licence check; the This issue is independent from the license question. That is Bug #31874 and we did not yet decide if we want to change the behavior. For this, we should create an extended attribute for univentionObjectFlag. This attribute should be appended to users, groups and computers. The syntax should be defined with a syntax selection: at least temporary and hidden should be available. The attribute itself should not be shown in UMC.
(In reply to Stefan Gohmann from comment #2) > ... > The attribute itself should not be shown in UMC. It could be shown in the LDAP navigation and not in any specific module views
Bug#32750: I named the UDM attribute objectFlag. The flag which causes an object to be hidden is "hidden". I implemented a fallback for those modules that do not have that attribute (currently no module has that). Will this bug add univentionObjectFlag to all UDM modules or just users? I need the attribute in the mapping (otherwise lookup() will not recognize it) for each module that wants to support hidden objects. Index: modules/univention/admin/handlers/users/user.py =================================================================== --- modules/univention/admin/handlers/users/user.py (Revision 44815) +++ modules/univention/admin/handlers/users/user.py (Arbeitskopie) @@ -887,6 +887,16 @@ may_change=1, identifies=0 ), + 'objectFlag' : univention.admin.property( + short_description=_('Flags for this user'), + long_description='', + syntax=univention.admin.syntax.string, + dontsearch=1, + multivalue=1, + required=0, + may_change=1, + identifies=0 + ), } # append CTX properties @@ -1203,6 +1213,7 @@ mapping.register('gecos', 'gecos', None, univention.admin.mapping.ListToString) mapping.register('displayName', 'displayName', None, univention.admin.mapping.ListToString) mapping.register('birthday', 'univentionBirthday', None, univention.admin.mapping.ListToString) +mapping.register('objectFlag', 'univentionObjectFlag') def mapKeyAndValue(old): lst = []
I think we should use an extended attribute. At least users, groups and computers should use it.
Users and groups can not be loaded in UMC if this extended attribute is available. The progress bar stalls at 99%. After removing this extended attributes everything works fine.
(In reply to Stefan Gohmann from comment #6) > Users and groups can not be loaded in UMC if this extended attribute is > available. The progress bar stalls at 99%. After removing this extended > attributes everything works fine. I opened Bug 32877 for that.
added 18python-univention-directory-manager.inst to python-univention-directory-manager to create ext. attribute objectFlag. Possibles values are hidden and temporary (admin.syntax.ObjectFlag).
OK: ChangeLog OK: 45234,45157,45119,45093,45091 OK: udm settings/extended_attribute list --filter CLIName=objectFlag OK: udm "computers/$(ucr get server/role)" modify --dn "$(ucr get ldap/hostdn)" --set objectFlag=hidden OK: udm "computers/$(ucr get server/role)" modify --dn "$(ucr get ldap/hostdn)" --set objectFlag=temporary OK: udm "computers/$(ucr get server/role)" modify --dn "$(ucr get ldap/hostdn)" --set objectFlag= OK: univention-ldapsearch -xLLLb `ucr get ldap/hostdn` univentionObjectFlag OK: univention-ldapsearch -xLLLb "cn=Subschema" -s base objectClasses | ldapsearch-wrapper | grep '\<univentionObject\>' OK: univention-ldapsearch -xLLLb "cn=Subschema" -s base attributeTypes | ldapsearch-wrapper | grep '\<univentionObjectFlag\>' FYI: The LDAP-schema does not limit the attribute to SINGLE-VALUE, so the UDM property definition should probably set "multivalue=1" as done in comment 4.
UCS 3.2 has been released: http://docs.univention.de/release-notes-3.2-en.html http://docs.univention.de/release-notes-3.2-de.html If this error occurs again, please use "Clone This Bug".