Univention Bugzilla – Bug 38317
Missing sanity check when adding users to groups
Last modified: 2016-11-21 12:05:11 CET
Ticket#2015041621000521

I'm able to add non-existent users to groups without an error message (or better: with positive confirmation):

root@master:~# lsb_release -a
No LSB modules are available.
Distributor ID: Univention
Description: Univention Corporate Server 4.0-1 errata160 (Walle)
Release: 4.0-1 errata160
Codename: Walle

root@master:~# univention-directory-manager groups/group create --set name="testgroup"
Object created: cn=testgroup,dc=40lish,dc=qa

root@master:~# univention-directory-manager users/user create --set password='Password01' --set username='somename' --set firstname='Some' --set lastname='Name' --set displayName='Some Name'
Object created: uid=somename,dc=40lish,dc=qa

root@master:~# univention-directory-manager groups/group modify --dn "cn=testgroup,dc=40lish,dc=qa" --append users="uid=somename,cn=users,dc=40lish,dc=qa"
Object modified: cn=testgroup,dc=40lish,dc=qa

root@master:~# univention-directory-manager groups/group modify --dn "cn=testgroup,dc=40lish,dc=qa" --append users="uid=no,uid=check,uid=at,uid=all"
Object modified: cn=testgroup,dc=40lish,dc=qa

root@master:~# udm groups/group list --filter name=testgroup
name=testgroup
DN: cn=testgroup,dc=40lish,dc=qa
  ARG: None
  users: uid=somename,cn=users,dc=40lish,dc=qa
  users: uid=no,uid=check,uid=at,uid=all
  UVMMGroup: None
  gidNumber: 5078
  objectFlag: None
  mailAddress: None
  description: None
  sambaGroupType: 2
  name: testgroup
  adGroupType: -2147483646
  sambaRID: 1127

root@master:~# univention-ldapsearch -xLLL cn=testgroup
dn: cn=testgroup,dc=40lish,dc=qa
sambaGroupType: 2
cn: testgroup
objectClass: top
objectClass: posixGroup
objectClass: univentionGroup
objectClass: sambaGroupMapping
objectClass: univentionObject
univentionObjectType: groups/group
gidNumber: 5078
univentionGroupType: -2147483646
sambaSID: S-1-5-21-2621817644-3705164039-2104105990-1127
uniqueMember: uid=somename,cn=users,dc=40lish,dc=qa
uniqueMember: uid=no,uid=check,uid=at,uid=all
memberUid: somename
memberUid: no

root@master:~# univention-ldapsearch -xLLL -b "uid=somename,cn=users,dc=40lish,dc=qa"
No such object (32)
Matched DN: cn=users,dc=40lish,dc=qa

root@master:~# univention-ldapsearch -xLLL -b "uid=no,uid=check,uid=at,uid=all"
No such object (32)
root@master:~#
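Added example (not part of the original report and not Univention code): an offline audit that reads an LDIF export and lists group members that resolve to no entry, checking uniqueMember by DN and memberUid by uid. The function names are hypothetical, the sample LDIF is constructed from the values in the report, and the export is assumed to contain every user entry.

```python
SAMPLE_LDIF = """\
dn: uid=somename,dc=40lish,dc=qa
uid: somename

dn: cn=testgroup,dc=40lish,dc=qa
objectClass: posixGroup
cn: testgroup
uniqueMember: uid=somename,cn=users,dc=40lish,dc=qa
uniqueMember: uid=no,uid=check,uid=at,uid=all
memberUid: somename
memberUid: no
"""  # constructed sample, built from the values shown in the report


def norm_dn(dn):
    """Simplified DN normalisation: lower-case, trim spaces around commas."""
    return ",".join(part.strip() for part in dn.lower().split(","))


def parse_ldif(text):
    """Parse plain 'attr: value' LDIF (folded lines joined, no base64)."""
    entries = {}
    for block in text.replace("\n ", "").strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            key, sep, value = line.partition(": ")
            if sep and not line.startswith("#"):
                attrs.setdefault(key.lower(), []).append(value)
        if "dn" in attrs:
            entries[norm_dn(attrs["dn"][0])] = attrs
    return entries


def audit_groups(entries):
    """Return {group_dn: unresolved uniqueMember and memberUid values}."""
    known_uids = {u.lower() for a in entries.values() for u in a.get("uid", [])}
    findings = {}
    for dn, attrs in entries.items():
        if "posixgroup" not in map(str.lower, attrs.get("objectclass", [])):
            continue
        bad_dns = [m for m in attrs.get("uniquemember", []) if norm_dn(m) not in entries]
        bad_uids = [u for u in attrs.get("memberuid", []) if u.lower() not in known_uids]
        if bad_dns or bad_uids:
            findings[dn] = {"uniqueMember": bad_dns, "memberUid": bad_uids}
    return findings


if __name__ == "__main__":
    print(audit_groups(parse_ldif(SAMPLE_LDIF)))
```

On the sample, the memberUid check alone flags only "no", because a user named somename exists under a different DN; the DN check reports both uniqueMember values.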
We have to be careful with such a change. The connector needs to set users to groups which don't exist yet.
*** This bug has been marked as a duplicate of bug 43005 ***