Univention Bugzilla – Bug 18338
Quoting Regeln werden beim Bearbeiten von DN's (z.B. dn.split(',')) nicht beachtet
Last modified: 2019-03-09 22:45:48 CET
Mit bug#17852 werden die DN's beim Anlegen von temporären Objekten nun richtig maskiert. Damit kann ich (da es die uid Syntax i.M. noch zulässt) einen Benutzer "foo,,,bar" anlegen, bekomme dann aber einen Traceback udm users/user create --set username="foo,,,bar" --set lastname=lastname --set password=univention Traceback (most recent call last): File "/usr/share/univention-directory-manager-tools/univention-cli-server", line 231, in doit output = univention.admincli.admin.doit(arglist) File "/usr/lib/python2.4/site-packages/univention/admincli/admin.py", line 740, in doit dn=object.create() File "/usr/lib/python2.4/site-packages/univention/admin/handlers/__init__.py", line 305, in create return self._create() File "/usr/lib/python2.4/site-packages/univention/admin/handlers/__init__.py", line 570, in _create al.extend(self._ldap_modlist()) File "/usr/lib/python2.4/site-packages/univention/admin/handlers/users/user.py", line 2244, in _ldap_modlist if pwhistoryPolicy and pwhistoryPolicy.has_key('length') and pwhistoryPolicy['length']: File "/usr/lib/python2.4/site-packages/univention/admin/handlers/__init__.py", line 2293, in __getitem__ print "init" File "/usr/lib/python2.4/site-packages/univention/admin/uldap.py", line 323, in getPolicies return self.lo.getPolicies(dn, policies, attrs, result, fixedattrs) File "/usr/lib/python2.4/site-packages/univention/uldap.py", line 298, in getPolicies elif not policies and not attrs: File "/usr/lib/python2.4/site-packages/univention/uldap.py", line 234, in getAttr result=self.lo.search_s( dn, ldap.SCOPE_BASE, File "/usr/lib/python2.4/site-packages/ldap/ldapobject.py", line 508, in search_s return self.search_ext_s(base,scope,filterstr,attrlist,attrsonly,None,None,timeout=self.timeout) File "/usr/lib/python2.4/site-packages/ldap/ldapobject.py", line 502, in search_ext_s return self.result(msgid,all=1,timeout=timeout)[1] File "/usr/lib/python2.4/site-packages/ldap/ldapobject.py", line 428, in result res_type,res_data,res_msgid = self.result2(msgid,all,timeout) File "/usr/lib/python2.4/site-packages/ldap/ldapobject.py", line 432, in result2 res_type, res_data, res_msgid, srv_ctrls = self.result3(msgid,all,timeout) File "/usr/lib/python2.4/site-packages/ldap/ldapobject.py", line 438, in result3 ldap_result = self._ldap_call(self._l.result3,msgid,all,timeout) File "/usr/lib/python2.4/site-packages/ldap/ldapobject.py", line 96, in _ldap_call result = func(*args,**kwargs) INVALID_DN_SYNTAX: {'info': 'invalid DN', 'desc': 'Invalid DN syntax'} Problem hier ist wohl, dass beim Anlegen von Benutzern irgendwann uldap.py -> parentDn() um die Parent DN zu ermitteln. Diese DN wird dann class access def getAttr ebenfalls in uldap.py verwendet. Da in parentDn die DN einfach an "," getrennt wird, kommt in falle von "foo,,,bar" in getAttr die DN ",,bar,cn=users,dc=univention,dc=qa" an und daran verschluckt sich /usr/lib/python2.4/site-packages/ldap/ldapobject.py. Bei diesen ganzen Operationen auf die DN's müssen also wahrscheinlich die Quoting Regeln beachtet werden.
This issue has been filed against UCS 2.3. UCS 2.3 is out of maintenance and many UCS components have vastly changed in later releases. Thus, this issue is now being closed. If this issue still occurs in newer UCS versions, please use "Clone this bug". In this case please provide detailed information on how this issue is affecting you.
Quoting has been fixed in UCS 4.