Bug 50073 - users/user property "country" is mapped to LDAP attribute "st" (state) instead of "c" (country)
users/user property "country" is mapped to LDAP attribute "st" (state) instea...
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: UMC - Users
UCS 4.4
Other Linux
: P5 normal (vote)
: UCS 5.0-3
Assigned To: Maximilian Janßen
Florian Best
:
: 52662 (view as bug list)
Depends on:
Blocks: 50033 56528
  Show dependency treegraph
 
Reported: 2019-08-28 11:10 CEST by Arvid Requate
Modified: 2023-09-05 07:30 CEST (History)
8 users (show)

See Also:
What kind of report is it?: Development Internal
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Arvid Requate univentionstaff 2019-08-28 11:10:51 CEST
Split off from Bug 50033 Comment 5:

We also postponed the synchronizarion of UDM property "country", because there is a quirk in the definition of this UDM property: It ist mapped to LDAP attribute "st" instead of "c". To get out of this we would also need to create a UDM property to sync "c". And we probably should change the UDM poperty names to match the LDAP attributes. After that, we may add them to the S4-Connector mapping (st<->st and c<->c, instead of "st<->c").
Comment 1 Sönke Schwardt-Krummrich univentionstaff 2020-02-06 17:24:10 CET
Is there any plan on how to migrate existing user data from the old to the new attribute/property?
Comment 2 Florian Best univentionstaff 2021-01-15 15:30:04 CET
*** Bug 52662 has been marked as a duplicate of this bug. ***
Comment 3 Philipp Hahn univentionstaff 2021-01-15 18:58:18 CET
(In reply to Sönke Schwardt-Krummrich from comment #1)
> Is there any plan on how to migrate existing user data from the old to the
> new attribute/property?

We don't know if any entry was created using our broken mapping, or if the entry was synchronized from some where other using the "correct" semantic of "stateOrProvinceName".

My proposal would be to write a script to be invoked manually to move "ldap:ldap:stateOrProvinceName" to "ldap:countryName" if (and only if)
1. "ldap:st" contains a 2-letter country code and
2. the "ldap:c" is empty
Optionally only remove "ldap:st" if "ldap:c" is already the same.
Comment 4 Florian Best univentionstaff 2022-08-26 17:31:56 CEST
(In reply to Philipp Hahn from comment #3)
> (In reply to Sönke Schwardt-Krummrich from comment #1)
> > Is there any plan on how to migrate existing user data from the old to the
> > new attribute/property?
> 
> We don't know if any entry was created using our broken mapping, or if the
> entry was synchronized from some where other using the "correct" semantic of
> "stateOrProvinceName".
> 
> My proposal would be to write a script to be invoked manually to move
> "ldap:ldap:stateOrProvinceName" to "ldap:countryName" if (and only if)
> 1. "ldap:st" contains a 2-letter country code and
> 2. the "ldap:c" is empty
> Optionally only remove "ldap:st" if "ldap:c" is already the same.

That sounds good.
In a first step, to get this done more easily in an erratum, we should make the mapping configurable via UCR.
Let's provide the upgrade script, which does the migration plus setting the new UCR variable.
The script should have a `--dry-run` option which only shows the changes which would be made.
A system diagnostic plugin which uses the script to check in which condition the system is and pushes customers to migrate to the new behavior would also be helpful.
Comment 5 Florian Best univentionstaff 2022-09-27 11:43:41 CEST
FYI: "c"/countryName is not referenced by the object classes person, inetOrgPerson, organizationalPerson but only as MUST by the structural object class "country".
Therefore our plan is to add "c" as MAY to "univentionPerson".
Comment 6 Maximilian Janßen univentionstaff 2023-02-06 21:23:09 CET
07b8e61d8ee8f81754670a92677b4ee7e94aad61 | Bug #50073: UDM: Conditionally remap country from 'st' to 'c'
981828d21cd4f4ed9ea3d7651e865016e2f26569 | Bug #50073: Add script for migrating UDM country from st to c
3db855ac210618c1ba78b5525002e3067c0c7282 | Bug #50073: Add diagnostic module to inform about the possibility to migrate UDM country from st to c
5c4ef5b504a3a12bbb25a250fb84521634e37487 | Bug #50073: update ucs-test and the unittests to check the new country mapping (c instead of st)

- Changed ldap attributes of users
- Changed udm mapping (if the policy is set)
- Added script for automated migration
- Added diagnostic module to inform about the possibility to migrate
- Updated tests
Comment 7 Maximilian Janßen univentionstaff 2023-02-07 16:37:22 CET
8f0d369879a1368949b53b03fdcd6a2d4bdd10de | Bug #50073: Fix a few issues
0bf9176dcffba605f7f12171369b37c7344da1d5 | fixup! Bug #50073: Fix a few issues

- Allow `contacts` to have a `c` ldap attribute
- Allow `tmplates` to have a `c` ldap attribute
- Fix text in the diagnostic module
Comment 8 Florian Best univentionstaff 2023-02-07 16:40:01 CET
OK: 
There is a migration script (/usr/share/univention-directory-manager-tools/udm-remap-country-from-st-to-c) which can convert data for users / contacts / usertemplates by moving the contents of "st" into the attribute "c" if the value is a 2-letter-country-code (e.g. "DE").
As "c" is not allowed on any "person" based object classes the object class "univentionPerson" now allows it and is attached to the objects.

OK:
There is a new diagnostic plugin "66_udm_country_remap_from_st_to_c" which informs to make the migration and offers it via a button. For domains which want to keep the old behavior for a while the UCR variable diagnostic/check/disable/66_udm_country_remap_from_st_to_c can be set to true.

OK:
when the migration is done a UCR policy sets the UCR variable 'directory/manager/web/modules/users/user/map-country-to-st' to false (in the whole domain!) and therefore activates the new behavior in UDM: A new property "state" (province/Bundesland) is added to UDM (mapped via "st") and the "country" property is mapped to "c" instead of "st". "country" still has the choices based syntax with all known country codes. "state" is a free-type field.

OK: changelog entry
Comment 9 Florian Best univentionstaff 2023-02-13 11:41:26 CET
UCS 5.0-3 has been released.

https://docs.software-univention.de/release-notes/5.0-3/en/

If this error occurs again, please clone this bug.