Univention Bugzilla – Bug 39952
Setting contact information does not allow to set additional attributes
Last modified: 2020-07-09 11:08:07 CEST
The external send method allows using UDM properties other than those for SMS and email. But the UI for setting contact information does not allow using other UDM properties. Thus the admin is able to configure e.g. an XMPP method and use an existing UDM property, but the user is not able to maintain their own XMPP address via the self-service module.
*** Bug 39982 has been marked as a duplicate of this bug. ***
I think the best would be to just re-enable the users/self flavor in UMC, which has all required features.
The UI of the UMC has been judged to be unfitting for end-users. BTW: an "Edit contact information" link would neatly fit into the side panel → "User settings".
(In reply to Daniel Tröder from comment #3)
> The UI of the UMC has been judged to be unfitting for end-users.

If so, we can adjust the layout of it. We could even outsource the UDM's flavor into its own page if necessary. The benefit would be that all of the required functionality is already configurable via extended attributes.
→ No need for UCR variables, no need for additional code.
Sounds great!
(In reply to Daniel Tröder from comment #6)
> Sounds great!

Actually not. The idea is better suited for Bug #44500. The intention of this bug is to be able to edit the contact data for the activated send-method (e.g. XMPP) in the password reset module, not in some other place. This makes for a better UX.
It works e.g. with the following already:
# ucr unset umc/module/udm/users/self/disabled
# eval "$(ucr shell)"
# udm settings/extended_attribute modify --dn "cn=UniventionPasswordSelfServiceEmail,cn=custom attributes,cn=univention,$ldap_base" --append module=users/self
# udm settings/extended_attribute modify --dn "cn=UniventionPasswordSelfServiceMobile,cn=custom attributes,cn=univention,$ldap_base" --append module=users/self
# udm policies/umc modify --dn "cn=default-umc-users,cn=UMC,cn=policies,$ldap_base" --append allow="cn=udm-self,cn=operations,cn=UMC,cn=univention,$ldap_base"
# firefox "http://$(hostname -f)/univention/management/?module=udm&flavor=users/self"
→ works so far, if one sets up the correct LDAP ACLs, e.g.:
"access to attrs=univentionPasswordSelfServiceMobile,univentionPasswordSelfServiceEmail by self write by * +0 break"
(In reply to Florian Best from comment #8)
> "access to
> attrs=univentionPasswordSelfServiceMobile,univentionPasswordSelfServiceEmail
> by self write by * +0 break"

it only works if the user is allowed to create the objectClass UniventionPasswordSelfService:

access to attrs=objectClass,univentionPasswordSelfServiceMobile,univentionPasswordSelfServiceEmail
  by self write
  by * +0 break

Restricting the access to a specific ObjectClass unfortunately does not work. So this will give a user the ability to create ObjectClasses.
(In reply to Stefanie Schneider from comment #9)
> (In reply to Florian Best from comment #8)
> > "access to
> > attrs=univentionPasswordSelfServiceMobile,univentionPasswordSelfServiceEmail
> > by self write by * +0 break"
>
> it only works if the user is allowed to create the objectClass
> UniventionPasswordSelfService:
>
> access to
> attrs=objectClass,univentionPasswordSelfServiceMobile,univentionPasswordSelfServiceEmail
> by self write
> by * +0 break
>
> Restricting the access to a specific ObjectClass unfortunately does not
> work. So this will give a user the ability to create ObjectClasses

This would be a massive security hole, especially in UCS@school environments. There is a way to restrict ACLs to a specific object class:

access to objectClass value=UniventionPasswordSelfService
  by self write
  by * +0 break

I think this should work, but I did not test it.
Restriction to certain Objectclass works. See final Cool Solution: https://wiki.univention.de/index.php/Cool_Solution_-_User_Self-Service_with_extended_Attributes
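An added example, not part of the thread or of Univention's code: a small audit that reads slapd ACL statements and flags any that give "self" write access to objectClass without a value restriction, the risk raised in comments #9 and #10. The sample ACLs are constructed from the ones quoted above; the third uses the `attrs=objectClass val.exact=...` form from slapd.access(5), which is an assumption about how the restriction is written and may differ from the linked Cool Solution.

```python
import re

WRITE_LEVELS = {"write", "manage"}  # access levels that allow changing values

def parse_acls(text):
    """Return one (attrs, has_val, by_clauses) tuple per 'access to' statement."""
    lines = [l.strip() for l in text.splitlines() if not l.lstrip().startswith("#")]
    acls = []
    for stmt in re.split(r"\baccess\s+to\b", " ".join(lines))[1:]:
        what, *by_parts = re.split(r"\sby\s", stmt)
        m = re.search(r"\battrs=(\S+)", what)
        attrs = [a.lower() for a in m.group(1).split(",")] if m else None
        # val[/matchingRule][.style]=<value> limits the rule to one attribute value
        has_val = bool(re.search(r"\sval(/\S+?)?(\.\w+)?=", what))
        by = [tuple(p.split()[:2]) for p in by_parts if p.split()]
        acls.append((attrs, has_val, by))
    return acls

def audit(text):
    """Return 1-based numbers of statements letting 'self' write any objectClass."""
    flagged = []
    for n, (attrs, has_val, by) in enumerate(parse_acls(text), 1):
        covers_oc = attrs is None or "objectclass" in attrs  # no attrs = all attributes
        self_write = any(len(c) == 2 and c[0] == "self" and c[1] in WRITE_LEVELS
                         for c in by)
        if covers_oc and not has_val and self_write:
            flagged.append(n)
    return flagged

# Constructed sample, modelled on the ACLs quoted in this thread.
SAMPLE = """
# 1: contact attributes only (comment #8)
access to attrs=univentionPasswordSelfServiceMobile,univentionPasswordSelfServiceEmail
    by self write
    by * +0 break
# 2: objectClass added with no value restriction (comment #9)
access to attrs=objectClass,univentionPasswordSelfServiceMobile,univentionPasswordSelfServiceEmail
    by self write
    by * +0 break
# 3: objectClass limited to a single value (assumed slapd.access(5) form)
access to attrs=objectClass val.exact=UniventionPasswordSelfService
    by self write
    by * +0 break
"""

if __name__ == "__main__":
    for n in audit(SAMPLE):
        print(f"statement {n}: self may write arbitrary objectClass values")
```

The parser handles only the plain `attrs=` list and `by <who> <level>` clauses shown here; it does not resolve `@class` or `!class` attribute sets or other who-clauses.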
This issue has been filed against UCS 4.2. UCS 4.2 is out of maintenance and many UCS components have changed in later releases. Thus, this issue is now being closed. If this issue still occurs in newer UCS versions, please use "Clone this bug" or reopen it and update the UCS version. In this case please provide detailed information on how this issue is affecting you.