Bug 33897 - Configurable names for well known role accounts
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Listener (univention-directory-listener)
Version: UCS 3.2
Hardware: Other Linux
Importance: P5 normal
Target Milestone: UCS 3.2-0-errata
Assigned To: Arvid Requate
QA Contact: Stefan Gohmann
Depends on: 33889
Blocks: 34527
Reported: 2014-01-09 19:24 CET by Arvid Requate
Modified: 2014-04-10 14:03 CEST (History)

Description Arvid Requate univentionstaff 2014-01-09 19:24:18 CET
We need a listener module to set users/default/$UCS_USER_NAME=$CUSTOM_USER_NAME when one of the Well Known Samba role accounts is renamed (like "Administrator").

This has been done already by Felix for the groups/default/... maybe we can simply extend that listener.


+++ This bug was initially created as a clone of Bug #33889 +++
Comment 1 Arvid Requate univentionstaff 2014-01-13 20:12:18 CET
The group-name-mapping.py listener has been extended and renamed to well-known-sid-name-mapping.py.

Advisory: 2013-12-09-univention-pam.yaml

This bug will be set to resolved/fixed after testing Bug 33644.
Comment 2 Arvid Requate univentionstaff 2014-01-14 16:52:54 CET
The well-known-sid-name-mapping listener now calls run-parts on the directory

 /usr/lib/univention-pam/well-known-sid-name-mapping.d

in the postrun function in case a UCR mapping was modified. This allows a slapd restart as well as other service specific operations if required.
Comment 3 Stefan Gohmann univentionstaff 2014-01-22 09:29:53 CET
(In reply to Arvid Requate from comment #2)
> The well-known-sid-name-mapping listener now calls run-parts on the directory
> 
>  /usr/lib/univention-pam/well-known-sid-name-mapping.d
> 
> in the postrun function in case a UCR mapping was modified. This allows a
> slapd restart as well as other service specific operations if required.

That means we will restart the LDAP server every time we change one well known object. Wouldn't it be better to restart the LDAP server only if Administrator, Domain Admins or Windows Hosts were changed?
Comment 4 Arvid Requate univentionstaff 2014-01-22 12:40:10 CET
> That means we will restart the LDAP server every time we change one well known
> object. Wouldn't it be better to restart the LDAP server only if Administrator,
> Domain Admins or Windows Hosts were changed?

Since it's called in the postrun, the restart will be called rarely when a batch of Well known SID objects is renamed in OpenLDAP. But you are right, it would be nicer if the well-known-sid-name-mapping.d/* hooks could generally choose their reaction based on the specific changes. This would need an adjustment of Bug 33890 too.
Comment 5 Arvid Requate univentionstaff 2014-01-22 15:59:43 CET
The listener module is adjusted accordingly.
Advisory is updated.
Comment 6 Stefan Gohmann univentionstaff 2014-01-24 08:11:34 CET
YAML: OK
Tests: OK
Code: OK
Comment 7 Moritz Muehlenhoff univentionstaff 2014-01-29 11:16:43 CET
http://errata.univention.de/ucs/3.2/30.html