Univention Bugzilla – Bug 31916
Policy tab does not show merged values if a policy is connected directly
Last modified: 2014-07-08 12:45:10 CEST
The policy tab does not show the merged values if a policy is connected directly. For example, I have two Master packages policies: root@master111:~# univention-ldapsearch -LLL cn=m1 | egrep "(dn|univentionMasterPackages)" dn: cn=m1,cn=policies,dc=deadlock11,dc=local univentionMasterPackages: autoconf root@master111:~# univention-ldapsearch -LLL cn=m2 | egrep "(dn|univentionMasterPackages)" dn: cn=m2,cn=policies,dc=deadlock11,dc=local univentionMasterPackagesRemove: automake root@master111:~# Next I connect m1 with the ldap base. After that I connect m2 with computers container, only the m2 result is displayed on the policies tab of the computers container. On the DC master the merged values are displayed.
AFAIR merging is only done for UCR variable policies.
(In reply to Alexander Kläser from comment #1) > AFAIR merging is only done for UCR variable policies. No, as discussed, the policies are merged by default.
*** Bug 32109 has been marked as a duplicate of this bug. ***
Created attachment 5381 [details] Patch for erroneous policy evaluation in UDM UMC module. The attached patch fixes the erroneous behaviour w.r.t. the evaluation of policies in the UDM UMC module. There are 2x2x2 (=8) cases that may occur: (1) [edit] editing an existing UDM object -> the existing UDM object itself is loaded [new] virtually edit non-existing (=new) UDM object -> the parent container UDM object is loaded (2) [w/pol] UDM object has assigend policies in LDAP directory [w/o_pol] UDM object has no policies assigend in LDAP directory (3) [inherit] user request to (virtually) change the policy to 'inherited' [set_pol] user request to (virtually) assign a particular policy The code needs to check for three different conditions: case: [edit; w/pol; inherit] → current policy is (virtually) overwritten with 'None' cases: * [new; w/pol; inherit] * [new; w/pol; set_pol] → old + temporary policy are both (virtually) set at the parent container (other) cases: * [new; w/o_pol; inherit] * [new; w/o_pol; set_pol] * [edit; w/pol; set_pol] * [edit; w/o_pol; inherit] * [edit; w/o_pol; set_pol] → simple set of the temporary policy or None
@QA: Please create a test script for Bug 32271.
Added YAML files: 2013-08-20-univention-directory-manager-modules.yaml 2013-08-20-univention-management-console-module-udm.yaml Built packages for scope ucs_3.1-0-errata3.1-1. Merged changes into UCS 3.2 branch: univention-directory-manager-modules (9.0.15-1) unstable; urgency=low . * Bug #31916: allow a list of policy DNs for simplePolicy.policy_result() as well as a single policy DN reference. univention-management-console-module-udm (4.0.13-1) unstable; urgency=low . * Bug #31916: fixed erroneous evaluation of policies in udm/object/policies
Fix: OK (tested with UCR and Master packages policy) YAML: OK 3.2 Changelog is missing 3.2 Error: univention-management-console-module-udm Depends: univention-directory-manager-tools (>> 9.0.16-1) should be: Depends: univention-directory-manager-tools (>= 9.0.16-1) I wonder why it was installable?!
(In reply to Florian Best from comment #7) > Fix: OK (tested with UCR and Master packages policy) > YAML: OK > > 3.2 Changelog is missing → I added the changelog entry. > 3.2 Error: > univention-management-console-module-udm > Depends: univention-directory-manager-tools (>> 9.0.16-1) > > should be: > Depends: univention-directory-manager-tools (>= 9.0.16-1) > > I wonder why it was installable?! → I corrected the version dependency. Good question, though :) . univention-management-console-module-udm (4.0.13-2) unstable; urgency=low . * Bug #31916: fixed version dependency to univention-directory-manager-tools
*** Bug 32209 has been marked as a duplicate of this bug. ***
(In reply to Florian Best from comment #7) > 3.2 Error: > univention-management-console-module-udm > Depends: univention-directory-manager-tools (>> 9.0.16-1) > > should be: > Depends: univention-directory-manager-tools (>= 9.0.16-1) > > I wonder why it was installable?! We append a timestamp during the build, e.g. 9.0.16-456-2013...
Changelog: OK Version: OK
http://errata.univention.de/ucs/3.1/174.html