Bug 41244 - usernames must be unique during the lifetime of the domain
Status: RESOLVED FIXED
Product: UCS@school
Classification: Unclassified
Component: Import scripts
Version: unspecified
Hardware: Other Linux
Importance: P5 normal
Target Milestone: UCS@school 4.1 R2
Assigned To: Daniel Tröder
QA Contact: Sönke Schwardt-Krummrich
: interim-1
Depends on:
Blocks: 41243
Reported: 2016-05-10 14:43 CEST by Daniel Tröder
Modified: 2016-09-30 11:57 CEST (History)

What kind of report is it?: Feature Request
Description Daniel Tröder univentionstaff 2016-05-10 14:43:20 CEST
Usernames of deleted users must be stored, because they cannot ever be used again.
That data must be replicated to at least the DC backups, so that in case of a promotion the information is retained.
Comment 1 Daniel Tröder univentionstaff 2016-05-10 14:43:30 CEST
OpenLDAP seems to be slow retrieving nodes with 100.000s of values, so probably a subtree will contain one node per username prefix, containing a counter that increments. ~20.000 different usernames were seen at one customer.
Comment 2 Daniel Tröder univentionstaff 2016-06-14 12:48:22 CEST
One object per username-base under cn=ucsschool,cn=univention,$base_dn:

objectclass ucsschoolUsername
  attributetype ucsschoolUsernameNextNumber

# univention-ldapsearch -LLL '(ucsschoolUsernameNextNumber=*)'

dn: cn=B.Schmidt,cn=unique-usernames,cn=ucsschool,cn=univention,dc=uni,dc=dtr
objectClass: ucsschoolUsername
cn: B.Schmidt
ucsschoolUsernameNextNumber: 4
Comment 3 Sönke Schwardt-Krummrich univentionstaff 2016-07-05 15:10:15 CEST
[ALWAYSCOUNTER] and [COUNTER2] are covered by 34_import-users_via_cli_v2.
The test checks if the unique-usernames object is created.

What is currently missing is a test that the usernames are not reused if a previous user has been removed.
Comment 4 Florian Best univentionstaff 2016-07-21 14:55:40 CEST
I don't see any commits for this bug.
Comment 5 Daniel Tröder univentionstaff 2016-09-08 11:46:30 CEST
Test for this bug is in 90_ucsschool/34_import-users_via_cli_v2 test_create_with_username_scheme().
... although it does not really check if the next import with the same username will use the counter, it merely checks if the "unique-usernames object" LDAP objects are created.
Comment 6 Daniel Tröder univentionstaff 2016-09-12 09:42:27 CEST
r72476: Enhanced test_create_with_username_scheme() to run three imports for each role, creating and deleting the same user for both ALWAYSCOUNTER and COUNTER2, using username extensions ['1', '2', '3'] and ['', '2', '3'].
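
Added example (not part of the bug report or of the UCS@school code): a Python model of the counter object from Comment 2, run through the create/delete cycle from Comment 6, next to a naive allocator that only checks existing users and therefore hands a deleted user's name to the next account. The dict layout, the class and function names, and the counter arithmetic are assumptions for illustration.

```python
# Added illustration, not UCS@school code. A dict stands in for the LDAP
# subtree cn=unique-usernames,cn=ucsschool,cn=univention,$base_dn.

class CounterStore:
    """One entry per username base holding ucsschoolUsernameNextNumber.
    Entries outlive the users they were allocated for."""

    def __init__(self):
        self.next_number = {}  # base -> next counter value (assumed layout)
        self.active = set()    # usernames of users that currently exist

    def allocate(self, base, scheme):
        if scheme not in ("ALWAYSCOUNTER", "COUNTER2"):
            raise ValueError("unknown scheme: %r" % scheme)
        n = self.next_number.get(base)
        if n is None:
            # First use of this base: ALWAYSCOUNTER starts at "1",
            # COUNTER2 leaves the first name bare and continues with "2".
            suffix, n = ("1" if scheme == "ALWAYSCOUNTER" else ""), 1
        else:
            suffix = str(n)
        self.next_number[base] = n + 1
        self.active.add(base + suffix)
        return base + suffix

    def delete_user(self, username):
        self.active.discard(username)  # the counter entry is kept on purpose


def naive_allocate(active, base):
    """Weak variant: only looks at users that exist right now."""
    n = 1
    while base + str(n) in active:
        n += 1
    active.add(base + str(n))
    return base + str(n)


def import_cycles(base, scheme, rounds=3):
    """Create and delete the same user `rounds` times; return the suffixes."""
    store, seen = CounterStore(), []
    for _ in range(rounds):
        name = store.allocate(base, scheme)
        seen.append(name[len(base):])
        store.delete_user(name)
    return seen


if __name__ == "__main__":
    print(import_cycles("B.Schmidt", "ALWAYSCOUNTER"))
    print(import_cycles("B.Schmidt", "COUNTER2"))
```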