Bug 27816 - Provide a RESTful API for UDM
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: UDM - REST API
Version: UCS 4.2
Hardware: Other Linux
Importance: P3 enhancement with 4 votes
Target Milestone: UCS 4.4-2
Assigned To: Florian Best
QA Contact: Felix Botner
Depends on:
Blocks: 49667 50167
Reported: 2012-07-04 11:30 CEST by Sönke Schwardt-Krummrich
Modified: 2019-10-02 16:06 CEST

See Also:
What kind of report is it?: Feature Request
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?: Yes
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional): External feedback, Further conceptual development, Roadmap discussion (moved)
Max CVSS v3 score:


Description Sönke Schwardt-Krummrich univentionstaff 2012-07-04 11:30:01 CEST
The UMC should provide its functions via a REST API.
Comment 1 Kevin Dominik Korte univentionstaff 2013-02-01 12:33:17 CET
This would be helpful for customers implementing externally reachable self-service web-pages or using customized HR software.

Ticket: #2012041721002657
Comment 2 Michel Smidt 2015-06-24 10:32:13 CEST
Requested during competitor analysis of UCS@school.
Comment 3 Michel Smidt 2015-06-24 10:35:22 CEST
(In reply to Michel Smidt from comment #2)
> Requested during competitor analysis of UCS@school.

Not specifically the UMC functionality but the directory functionality.
Comment 4 Tim Petersen univentionstaff 2015-10-07 08:58:26 CEST
Requested at 2015100621000386
Comment 5 Florian Best univentionstaff 2015-11-25 00:22:09 CET
From the description it isn't really clear what exactly we need.
For what do we need it?
Do we need an API to receive/add/modify/delete LDAP objects?
Do we need an API to set up system configurations like Language settings, UCR variables, etc.?
Do we need an API to stop services or processes?

Does the API need to be RESTful?
REST requires hypertext driven, stateless communication using a uniform interface (e.g. HTTP with its methods, status codes, headers and URIs for resource identification) where every representation of a resource is marked as (non-)cacheable and which especially uses a data format which allows hypertext driven application state and link-relations between different resources and states (=XML based).

Or do we need an interface which uses correct HTTP verbs, headers, statuses and URIs; which is versionizable and reliable against changes and might support different versions; which gives access to various data formats like application/json, some LDIF format or vendor/univention specific XML data formats and accepts also formats like those.
Comment 6 Michel Smidt 2015-11-25 09:07:17 CET
(In reply to Florian Best from comment #5)
> From the description it isn't really clear what exactly we need.
> For what do we need it?
> Do we need an API to receive/add/modify/delete LDAP objects?
Yes, at least this was requested in my presales task.
> Do we need an API to set up system configurations like Language settings, UCR
> variables, etc.?
I don't know because for my potential project the customer was actually far away from UCS product specifics.
> Do we need an API to stop services or processes?
See above.
> 
> Does the API need to be RESTful?
Yes. This was the requirement.
> ...
> ...
Comment 7 Florian Best univentionstaff 2017-06-28 14:52:19 CEST
There is a Customer ID set so I set the flag "Enterprise Customer affected".
Comment 8 Florian Best univentionstaff 2017-07-21 10:42:49 CEST
The representation of LDAP objects should include a Last-Modified header, which is the value of the "modifyTimestamp" attribute (formatted as HTTP date).

Then we can allow conditional requests like "If-Unmodified-Since".
On backend / LDAP side since Bug #43628 we are able to use server controls for the LDAP operations. We can implement the following LDAP control when modifying objects:

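import ldap
from ldap.controls.libldap import AssertionControl
from ldap.filter import filter_format

last_modified = http_date_to_ldap_date(request.headers.get('If-Unmodified-Since'))
try:
    # the server applies the modification only if the assertion filter matches
    lo.modify(dn, ml, servercontrols=[AssertionControl(filterstr=filter_format('modifyTimestamp=%s', [last_modified]))])
except ldap.ASSERTION_FAILED:
    # 412 Precondition Failed is the status for a failed conditional request
    raise HTTPError(412, 'If-Unmodified-Since does not match.')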

The alternative is to use the E-Tag instead of the Last-Modified date, so that we don't need to transform HTTP Date → LDAP Date and vice versa.
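
The date handling that comment 8 relies on, as an added example (not part of the original comment and not Univention's code): it converts between modifyTimestamp and an HTTP date and derives the assertion filter from If-Unmodified-Since. The body of http_date_to_ldap_date(), the other function names, the status mapping and the sample timestamps are assumptions made for illustration.

```python
from datetime import datetime, timezone
from email.utils import format_datetime, parsedate_to_datetime

LDAP_TIME = "%Y%m%d%H%M%SZ"  # GeneralizedTime as stored in modifyTimestamp


def ldap_date_to_http_date(ldap_ts):
    """'20170721084249Z' -> 'Fri, 21 Jul 2017 08:42:49 GMT' (Last-Modified)."""
    dt = datetime.strptime(ldap_ts, LDAP_TIME).replace(tzinfo=timezone.utc)
    return format_datetime(dt, usegmt=True)


def http_date_to_ldap_date(http_date):
    """Inverse conversion; raises ValueError on a malformed HTTP date."""
    try:
        dt = parsedate_to_datetime(http_date)
    except (TypeError, ValueError) as exc:  # exception type depends on Python version
        raise ValueError("not an HTTP date: %r" % (http_date,)) from exc
    if dt.tzinfo is None:  # '-0000' yields a naive datetime; treat it as UTC
        dt = dt.replace(tzinfo=timezone.utc)
    return dt.astimezone(timezone.utc).strftime(LDAP_TIME)


def assertion_filter(if_unmodified_since):
    """Filter for the LDAP assertion control, or None without a precondition."""
    if not if_unmodified_since:
        return None
    # The header is parsed to a datetime and re-serialised, so only digits and
    # 'Z' reach the filter; raw header text is never interpolated into it.
    return "(modifyTimestamp=%s)" % http_date_to_ldap_date(if_unmodified_since)


def precondition_status(if_unmodified_since, modify_timestamp):
    """Status a handler would return: 400 malformed, 412 stale, 200 proceed."""
    try:
        flt = assertion_filter(if_unmodified_since)
    except ValueError:
        # RFC 7232 says to ignore an invalid date; this example rejects it
        # instead so that a write is never silently unconditional.
        return 400
    # Equality, as in the comment's filter: any other timestamp is a conflict.
    if flt is not None and flt != "(modifyTimestamp=%s)" % modify_timestamp:
        return 412
    return 200
```

HTTP dates have one-second resolution, so two modifications within the same second produce the same Last-Modified value and this precondition cannot tell them apart.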
Comment 9 Felix Botner univentionstaff 2019-06-27 10:10:15 CEST
reverted 6abfd3b2b48e3d46ec4c2bc7a59cfe82692034e1

univention-management-console 8bd2630545038bd309e6ea3c196027c8da5e84a9
Comment 10 Felix Botner univentionstaff 2019-06-27 10:40:51 CEST
27.06.19 09:05:41.950  MAIN        ( PROCESS ) : SessionClient(0x7f1ffc066d10): _authenticated: success=True  status=200  message=None
27.06.19 09:05:41.950  MAIN        ( PROCESS ) : auth_type=None
27.06.19 09:06:22.902  MAIN        ( PROCESS ) : CPCommand (192.168.0.28:45222) response status code: 591
27.06.19 09:06:22.903  MAIN        ( PROCESS ) : CPCommand (192.168.0.28:45222) response message: Interner Server-Fehler in "appcenter/track".
27.06.19 09:06:22.903  MAIN        ( PROCESS ) : CPCommand (192.168.0.28:45222) response result: None
27.06.19 09:06:22.903  MAIN        ( PROCESS ) : CPCommand (192.168.0.28:45222) response error: {u'traceback': u'Traceback (most recent call last):\n  File "/usr/lib/pymodules/python2.7/univention/management/console/base.py", line 260, in execute\n    function.__func__(self, request, *args, **kwargs)\n  File "/usr/lib/pymodules/python2.7/univention/management/console/modules/decorators.py", line 192, in _response\n    return function(self, request)\n  File "/usr/lib/pymodules/python2.7/univention/management/console/modules/decorators.py", line 318, in _response\n    result = _multi_response(self, request)\n  File "/usr/lib/pymodules/python2.7/univention/management/console/modules/decorators.py", line 192, in _response\n    return function(self, request)\n  File "/usr/lib/pymodules/python2.7/univention/management/console/modules/decorators.py", line 440, in _response\n    return list(function(self, iterator, *nones))\n  File "/usr/lib/pymodules/python2.7/univention/management/console/modules/decorators.py", line 284, in _fake_func\n    for args in iterator:\n  File "/usr/lib/pymodules/python2.7/univention/management/console/modules/decorators.py", line 467, in next\n    return [values[name] for name in self.names]\nKeyError: \'app\'\n', u'command': u'appcenter/track'}
27.06.19 09:06:22.903  MAIN        ( ERROR   ) : Interner Server-Fehler in "appcenter/track".
Request: appcenter/track
Comment 11 Johannes Keiser univentionstaff 2019-08-30 10:54:14 CEST
QA for accessing REST API

Only authorized groups have access. Groups can be authorized via
directory/manager/rest/authorized-groups/*

OK: by default "Domain Admins", "DC Backup Hosts" and "DC Slave Hosts" are authorized
OK: Authorizing a new group via UCR variable
OK: users who are not part of any authorized group cannot access API
OK: test_authentication in 73_udm-rest/00_general_tests.py
Comment 12 Felix Botner univentionstaff 2019-09-09 10:19:33 CEST
git show 20c35b1d modules/univention/admin/uexceptions.py
--- a/management/univention-directory-manager-modules/modules/univention/admin/uexceptions.py
+++ b/management/univention-directory-manager-modules/modules/univention/admin/uexceptions.py
@@ -77,7 +77,10 @@ class noProperty(base):
 
 
 class valueError(base):
-       pass
+
+       def __init__(self, *args, **kwargs):
+               self.property = kwargs.pop('property')
+               super(valueError, self).__init__(*args, **kwargs)
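
Review bot: In the new valueError.__init__, kwargs.pop('property') has no default, so any raise of valueError that does not pass property= fails with a KeyError before the intended exception is constructed. Use kwargs.pop('property', None) so existing call sites keep working, and add a docstring stating that self.property may be None.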

I am not sure if this is good; we have a lot of code that just raises the valueError exception without the kwarg property.

so please make 'property' optional

(several tests fail because of this 60_umc.60_udm_extended_attributes.master090
60_umc.70_udm_network_functionality.master090
72_udm-extensions.32_file_integrity_udm_module.master090
72_udm-extensions.42_test_udm_syntax.master090)
Comment 13 Florian Best univentionstaff 2019-09-09 11:35:38 CEST
(In reply to Felix Botner from comment #12)
> git show 20c35b1d modules/univention/admin/uexceptions.py
> ---
> a/management/univention-directory-manager-modules/modules/univention/admin/
> uexceptions.py
> +++
> b/management/univention-directory-manager-modules/modules/univention/admin/
> uexceptions.py
> @@ -77,7 +77,10 @@ class noProperty(base):
>  
>  
>  class valueError(base):
> -       pass
> +
> +       def __init__(self, *args, **kwargs):
> +               self.property = kwargs.pop('property')
> +               super(valueError, self).__init__(*args, **kwargs)
> 
> I am not sure if this is good; we have a lot of code that just raises the
> valueError exception without the kwarg property 
> 
> so please make 'property' optional
> 
> (several tests fail because of this
> 60_umc.60_udm_extended_attributes.master090
> 60_umc.70_udm_network_functionality.master090
> 72_udm-extensions.32_file_integrity_udm_module.master090
> 72_udm-extensions.42_test_udm_syntax.master090)


Oh sorry, yes!
Fixed in univention-directory-manager-modules 14.0.13-13A~4.4.0.201909091135.
Comment 14 Felix Botner univentionstaff 2019-09-09 11:46:34 CEST
(In reply to Florian Best from comment #13)
> (In reply to Felix Botner from comment #12)
> > git show 20c35b1d modules/univention/admin/uexceptions.py
> > ---
> > a/management/univention-directory-manager-modules/modules/univention/admin/
> > uexceptions.py
> > +++
> > b/management/univention-directory-manager-modules/modules/univention/admin/
> > uexceptions.py
> > @@ -77,7 +77,10 @@ class noProperty(base):
> >  
> >  
> >  class valueError(base):
> > -       pass
> > +
> > +       def __init__(self, *args, **kwargs):
> > +               self.property = kwargs.pop('property')
> > +               super(valueError, self).__init__(*args, **kwargs)
> > 
> > I am not sure if this is good; we have a lot of code that just raises the
> > valueError exception without the kwarg property 
> > 
> > so please make 'property' optional
> > 
> > (several tests fail because of this
> > 60_umc.60_udm_extended_attributes.master090
> > 60_umc.70_udm_network_functionality.master090
> > 72_udm-extensions.32_file_integrity_udm_module.master090
> > 72_udm-extensions.42_test_udm_syntax.master090)
> 
> 
> Oh sorry, yes!
> Fixed in univention-directory-manager-modules 14.0.13-13A~4.4.0.201909091135.

Great, thanks
Comment 15 Florian Best univentionstaff 2019-09-22 15:51:13 CEST
The UDM REST API has been implemented. Everything following up should be handled via different bugs.

Package: univention-directory-manager-rest
Version: 9.0.16-2A~4.4.0.201909221545

To not cause so much bugzilla mail spam, I'll move all Depends bugs to See-Also.
Comment 16 Felix Botner univentionstaff 2019-09-23 10:22:09 CEST
OK
Comment 17 Florian Best univentionstaff 2019-10-02 16:06:30 CEST
UCS 4.4-2 has been released:
 https://docs.software-univention.de/release-notes-4.4-2-en.html
 https://docs.software-univention.de/release-notes-4.4-2-de.html

If this error occurs again, please use "Clone This Bug".