Univention Bugzilla – Bug 55670
make LDAP-"operational attributes" available as extended attribute
Last modified: 2023-06-20 14:24:35 CEST
+++ This bug was initially created as a clone of Bug #20235 +++ Ich habe gerade versucht "creatorsName" oder "modifyTimestamp" per Extended Attribute azuzeigen, die Felder sind aber leer. Es wäre sehr angenehm wenn das ginge. Ich vermute dass dazu beim Suchen nach Objekten "+" in die Liste der Attribute im search aufgenommen werden muss; wenn vorher kein Attribute angegeben war müsste man ["*","+"] mitgeben. A customer created the extended Attributes as described in https://help.univention.com/t/when-was-an-ldap-object-created-or-modified-display-ldap-operational-attributes-in-extended-attributes/20968 Unfortunately the computer import did not work anymore. ``` # /usr/share/ucs-school-import/scripts/import_computer 20230130-ersatz-kab3-ohnebeschreibung.csv input file is : 20230130-ersatz-kab3-ohnebeschreibung.csv Processing line 1: windows eins-kab3-001 2c:f0:5d:02:f0:63 gym_one 10.3.8.11/16 set ip to 10.3.8.11 is not net 10.3.0.0 Traceback (most recent call last): File "/usr/lib/python3/dist-packages/univention/admin/uldap.py", line 807, in modify return self.lo.modify(dn, changes, serverctrls=serverctrls, response=response, rename_callback=rename_callback) File "/usr/lib/python3/dist-packages/univention/uldap.py", line 211, in _decorated return func(self, *args, **kwargs) File "/usr/lib/python3/dist-packages/univention/uldap.py", line 766, in modify self.modify_ext_s(dn, ml, serverctrls=serverctrls, response=response) File "/usr/lib/python3/dist-packages/univention/uldap.py", line 211, in _decorated return func(self, *args, **kwargs) File "/usr/lib/python3/dist-packages/univention/uldap.py", line 825, in modify_ext_s rtype, rdata, rmsgid, resp_ctrls = self.lo.modify_ext_s(dn, ml, serverctrls=serverctrls) File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 1253, in modify_ext_s return self._apply_method_s(SimpleLDAPObject.modify_ext_s,*args,**kwargs) File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 1197, in _apply_method_s return func(self,*args,**kwargs) File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 602, in modify_ext_s resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout) File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 749, in result3 resp_ctrl_classes=resp_ctrl_classes File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 756, in result4 ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop) File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 329, in _ldap_call reraise(exc_type, exc_value, exc_traceback) File "/usr/lib/python3/dist-packages/ldap/compat.py", line 44, in reraise raise exc_value File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 313, in _ldap_call result = func(*args,**kwargs) ldap.CONSTRAINT_VIOLATION: {'desc': 'Constraint violation', 'info': 'creatorsName: no user modification allowed'} ``` The problem does not occur with IPmanagedclients clients, because they don’t have a group (by default) in comparison to windows # udm computers/ipmanagedclient list --filter cn=ip-client-032 | egrep group vs # udm computers/windows list --filter cn=eins-kab3-001 | egrep group groups: cn=Windows Hosts,cn=groups,dc=schein,dc=me primaryGroup: cn=Windows Hosts,cn=groups,dc=schein,dc=me The import will work again, if the extended attribute is removed, or the module groups/group is removed. $ udm settings/extended_attribute modify --dn “cn=creatorsName,cn=custom attributes,cn=univention,dc=schein,dc=me” --remove module="groups/group