Bug 33650 - Configurable default group names
Configurable default group names
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: PAM
UCS 3.2
Other Linux
: P5 normal (vote)
: UCS 3.2-0-errata
Assigned To: Arvid Requate
Stefan Gohmann
:
Depends on:
Blocks: 33889
  Show dependency treegraph
 
Reported: 2013-12-04 13:48 CET by Stefan Gohmann
Modified: 2014-01-29 11:16 CET (History)
1 user (show)

See Also:
What kind of report is it?: ---
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Stefan Gohmann univentionstaff 2013-12-04 13:48:54 CET
See Bug #33644

univention-pam should consider the different names.
Comment 1 Felix Botner univentionstaff 2013-12-09 17:08:11 CET
2013-12-09-univention-config-registry.yaml
univention-config-registry: 9.0.5-2.443.201312091553

added groupNameMapping(name) to class ConfigRegistry to easily convert group names in ucr templates. groupNameMapping returns the converted group name (from ucr var groups/default/name.lower.replace(" ", "")) or the name.


2013-12-09-univention-pam.yaml
univention-pam: 7.0.4-3.224.201312091705

/etc/security/* templates in univention-pam have been modified to check the group name mapping and groups/default/.* has been added to the ucrv registration for those templates.
Comment 2 Arvid Requate univentionstaff 2014-01-14 18:22:50 CET
The templates needed additional adjustment for Bug 33889. Bug reassigned.
Comment 3 Arvid Requate univentionstaff 2014-01-15 12:49:26 CET
The groupNameMapping method has been removed from univention-config-registry in favour of the custom_groupname function in python-univention-lib. univention-pam has been adjusted accordingly and this bug number has been removed from the advisory 2013-12-09-univention-config-registry.yaml.
Comment 4 Stefan Gohmann univentionstaff 2014-01-22 08:20:31 CET
I've added a test case which failed: 
* 00_base/96rename_domain_admins

Log output:

Checking whether new admin group name (sojzcgxk) is set to /etc/security/access-chfn.conf: 
failed
************** /etc/security/access-chfn.conf ***************
# Warning: This file is auto-generated and might be overwritten by
#          univention-config-registry.
#          Please edit the following file(s) instead:
# Warnung: Diese Datei wurde automatisch generiert und kann durch
#          univention-config-registry überschrieben werden.
#          Bitte bearbeiten Sie an Stelle dessen die folgende(n) Datei(en):
# 
#       /etc/univention/templates/files/etc/security/access-chfn.conf
# 

+::ALL
-:ALL:ALL

****************************************
Comment 5 Stefan Gohmann univentionstaff 2014-01-22 08:29:21 CET
(In reply to Stefan Gohmann from comment #4)
> I've added a test case which failed: 
> * 00_base/96rename_domain_admins

My fault. This configuration seems to be normal for the following files:
 /etc/security/access-chfn.conf
 /etc/security/access-chsh.conf
 /etc/security/access-cron.conf
 /etc/security/access-kcheckpass.conf
 /etc/security/access-kde.conf
 /etc/security/access-kscreensaver.conf
 /etc/security/access-passwd.conf
 /etc/security/access-rsh.conf
 /etc/security/access-su.conf
 /etc/security/access-sudo.conf

I'll adjust the test case.
Comment 6 Stefan Gohmann univentionstaff 2014-01-22 09:08:58 CET
Code:OK
YAML: Failed, the entry does not mention the UCR variables.
Test cases: OK, see 00_base/9*rename_*
Comment 7 Arvid Requate univentionstaff 2014-01-22 15:58:56 CET
Advisory text adjusted.
Comment 8 Stefan Gohmann univentionstaff 2014-01-23 07:21:43 CET
(In reply to Arvid Requate from comment #7)
> Advisory text adjusted.

OK
Comment 9 Moritz Muehlenhoff univentionstaff 2014-01-29 11:16:53 CET
http://errata.univention.de/ucs/3.2/30.html