Univention Bugzilla – Bug 34093
UCS in Active Directory domain: Show a warning while creating objects
Last modified: 2014-08-14 11:45:58 CEST
+++ This bug was initially created as a clone of Bug #34091 +++ Furthermore the object creation via UMC should display a warning that this object will not synchronized to AD.
r47820: show warning in frontend if the system is a member of an AD domain when creating objects which are not synced back to AD
TODO: The warning-text should be adapted (and translated). TODO: The icon is currently shown twice (because the style-attribute of the Text widget is applied to two dom-elements (WTF))
(In reply to Florian Best from comment #2) > TODO: The warning-text should be adapted (and translated). > TODO: The icon is currently shown twice (because the style-attribute of the > Text widget is applied to two dom-elements (WTF)) → both in svn48026 48027: adapt wording of UCS in AD warning
The warning is shown for the object types configured by the following UCR variable: directory/manager/web/modules/$module/show/adnotification e.g. directory/manager/web/modules/computers/computer/show/adnotification: true directory/manager/web/modules/groups/group/show/adnotification: true directory/manager/web/modules/users/user/show/adnotification: true
By default the warning is now shown for container/ou container/cn users/user and groups/group (set in umc-udm postinst).
Please merge the changes to UCS 3.2-2. It should be released as erratum.
Package: univention-management-console-module-udm Version: 4.0.97-25.449.201407031234 Scope: errata3.2-2
Currently, the template selection is shown first and then the warning. I think we should change the order.
Merged also svn48117 and svn48140.
The "Password" dialog of the user wizard does not go away after "Create User" (should go back to a new empty "User information" dialog).
(In reply to Stefan Gohmann from comment #8) > Currently, the template selection is shown first and then the warning. I > think we should change the order. Yes, it has been changed for the specific modules (users/user, groups/group, …) but not for the navigation flavor because the object type selection is part of the template selection page. (In reply to Felix Botner from comment #10) > The "Password" dialog of the user wizard does not go away after "Create > User" (should go back to a new empty "User information" dialog). Yes, this has been fixed. Package: univention-management-console-module-udm Version: 4.0.97-27.451.201407080957
directory/manager/web/modules/computers/computer/show/adnotification: true => does not work (probably due to checking for specific udm type, not the "main type"?) Wording: German: "UCS System" -> "UCS-System"; "Active Directory Domäne" -> "Active Directory-Domäne" (etc) "Klicken Sie bitte auf Weiter um diese Warnung zu ignorieren" -> "Klicken Sie auf Weiter, um Benutzer nur für UCS-Systeme anzulegen." English: "Please press Next to ignore this warning." -> "Press Next to create users only available on UCS systems."
What about DNS objects, DHCP etc. As far as I understand, Active Directory handles that for UCS now. Shouldn't we show a warning for other modules, too? Printers can also be added in AD...
(In reply to Dirk Wiesenthal from comment #13) > What about DNS objects, DHCP etc. As far as I understand, Active Directory > handles that for UCS now. Shouldn't we show a warning for other modules, > too? Printers can also be added in AD... IIRC we wanted to disable those flavors directly via XML.
(In reply to Florian Best from comment #14) > (In reply to Dirk Wiesenthal from comment #13) > > What about DNS objects, DHCP etc. As far as I understand, Active Directory > > handles that for UCS now. Shouldn't we show a warning for other modules, > > too? Printers can also be added in AD... > IIRC we wanted to disable those flavors directly via XML. DHCP is still possible without any problems. For DNS we should change the module description that theses values should be configured in AD. The current module description: "Configuration of DNS settings in the domain" it could be changed to: "Configuration of DNS settings in the UCS domain. Please use the Active Directory administration utilities to make theses changes available in the whole domain." The printer administration should be still possible.
(In reply to Dirk Wiesenthal from comment #12) > directory/manager/web/modules/computers/computer/show/adnotification: true > > => does not work (probably due to checking for specific udm type, not the > "main type"?) > > Wording: > German: "UCS System" -> "UCS-System"; "Active Directory Domäne" -> "Active > Directory-Domäne" (etc) > "Klicken Sie bitte auf Weiter um diese Warnung zu ignorieren" -> "Klicken > Sie auf Weiter, um Benutzer nur für UCS-Systeme anzulegen." > > English: > "Please press Next to ignore this warning." -> "Press Next to create users > only available on UCS systems." fixed in svn52265 (not yet merged to UCS4). computers/computer is now evaluated. It was broken due to comment #8 (comment #11). The object selection was done on the first page but we display the notification before we know the type. Now the whole flavor can be disabled.
Using navigation yields (for users/user): Warnung! Neu erzeugte LDAP-Objekte werden nur auf UCS-Systemen und nicht in der Active Directory Domäne vorhanden sein Could you please check whether it is possible (within a reasonable amount of time) to pass the verbose name of the object to that warning message? I know that we also have a "Create LDAP object" instead of "Create user" in navigation. But the sentence in this form is a bit too far-ranging (and "LDAP-Objekte dieses Typs" may be equally hacky to implement). If this is not really possible I might accept it.
Oh, real REOPEN: computers/computer warning now works fine in computers/computer flavor. But it does not in navigation.
What about a module.addNotification(this.object.name + ' is part of the Active Directory domain. UCS can only change certain attributes.')?
(In reply to Dirk Wiesenthal from comment #18) > Oh, real REOPEN: computers/computer warning now works fine in > computers/computer flavor. But it does not in navigation. The question is: should we set UCR variables for all computer types like: directory/manager/web/modules/computers/comaincontroller_slave/show/adnotification=true directory/manager/web/modules/computers/comaincontroller_master/show/adnotification=true … or just computers/computer to show the warning for all computers/* objects? → latter would have the disadvantage that it would disable every sub object type of that main type. The change is very tricky because of the different behavior in 'navigation' and the wish to show the message before the selection of the real object type. (In reply to Dirk Wiesenthal from comment #19) > What about a module.addNotification(this.object.name + ' is part of the > Active Directory domain. UCS can only change certain attributes.')? What do you mean? instead of the dialog? When should the notification be added? yes, this would be much simpler.
* fixed DNS * fixed computer * added notification in edit mode * fixed object name in navigation flavor (works only when it was changed 1 time)
merged to 3.2-3 and 4.0-0
(In reply to Florian Best from comment #21) > * added notification in edit mode When editing Backup Join (non-AD I suppose), I get this warning nevertheless: group "" is part of the Active Directory domain. UCS can only change certain attributes. 1. Warning should not be seen 2. group should be capitalized. Or I suggest translating "The %s "%s" is part" with "%s "%s" ist Teil" 3. Why is the name empty? Has this something to do with the group not really synced?
(In reply to Florian Best from comment #21) > * fixed computer Really? I can still edit WIN7PRO. I have installed the latest packages and got ad/member with those. Or am I missing something?
The new navigation warning works (almost). Why does it only get the real name when the user changed the type? First object type is computers/domaincontroller_backup Additionally you include the value from the ComboBox, which makes sentences sound wrong: Please use the Active Directory administration utilities to create new domain User. User is capitalized and without any article. This only works in German (by accident). I suggest rephrasing the whole warning a little bit for navigation. Warning! Newly created LDAP objects of this type will only be available on UCS systems and not in the Active Directory domain. Please use the Active Directory administration utilities to create new domain LDAP objects of this type. Press Next to create **an LDAP object of this type** only available on UCS systems. Is this possible? I guess it is even easier to implement. Or at least would have been if I suggested it earlier...
(In reply to Dirk Wiesenthal from comment #23) > (In reply to Florian Best from comment #21) > group "" is part of the Active Directory domain. UCS can only change certain > attributes. > Seems to work for users, computer. But not for groups. The warning is shown even when editing a completely AD unrelated object (Mail).
DNS object "" is part of the Active Directory domain. UCS can only change certain attributes. 1. Empty name error 2. This DNS object is not really part of the Active Directory domain: Bug #34092, comment #20: > Currently we don't sync the DNS settings between UCS and AD. By default all > UCS systems use the AD DNS.
(In reply to Dirk Wiesenthal from comment #23) > (In reply to Florian Best from comment #21) > > * added notification in edit mode > > When editing Backup Join (non-AD I suppose), I get this warning nevertheless: > > group "" is part of the Active Directory domain. UCS can only change certain > attributes. > > 1. Warning should not be seen fixed > 2. group should be capitalized. Or I suggest translating "The %s "%s" is > part" with "%s "%s" ist Teil" fixed > 3. Why is the name empty? Has this something to do with the group not really > synced? because the form.ready() was already done but the object was not loaded. fixed (In reply to Dirk Wiesenthal from comment #24) > (In reply to Florian Best from comment #21) > > * fixed computer > > Really? I can still edit WIN7PRO. I have installed the latest packages and > got ad/member with those. Or am I missing something? with fixed computer was meant that the message is shown for computer objects (comment #16) (In reply to Dirk Wiesenthal from comment #25) > The new navigation warning works (almost). Why does it only get the real > name when the user changed the type? First object type is > computers/domaincontroller_backup TODO: well something strange happens in initial form loading... > Additionally you include the value from the ComboBox, which makes sentences > sound wrong: > > Please use the Active Directory administration utilities to create new > domain User. > > User is capitalized and without any article. This only works in German (by > accident). TODO > I suggest rephrasing the whole warning a little bit for navigation. > > Warning! Newly created LDAP objects of this type will only be available on > UCS systems and not in the Active Directory domain. Please use the Active > Directory administration utilities to create new domain LDAP objects of this > type. Press Next to create **an LDAP object of this type** only available on > UCS systems. TODO > Is this possible? I guess it is even easier to implement. Or at least would > have been if I suggested it earlier... (In reply to Dirk Wiesenthal from comment #26) > (In reply to Dirk Wiesenthal from comment #23) > > (In reply to Florian Best from comment #21) > > group "" is part of the Active Directory domain. UCS can only change certain > > attributes. > > > > Seems to work for users, computer. But not for groups. > > The warning is shown even when editing a completely AD unrelated object > (Mail). fixed, as said above. (In reply to Dirk Wiesenthal from comment #27) > DNS object "" is part of the Active Directory domain. UCS can only change > certain attributes. > > 1. Empty name error fixed > 2. This DNS object is not really part of the Active Directory domain: > Bug #34092, comment #20: > > Currently we don't sync the DNS settings between UCS and AD. By default all > > UCS systems use the AD DNS. Well, no univentionObjectFlag == synced
(In reply to Florian Best from comment #28) > (In reply to Dirk Wiesenthal from comment #25) > > The new navigation warning works (almost). Why does it only get the real > > name when the user changed the type? First object type is > > computers/domaincontroller_backup > TODO: well something strange happens in initial form loading... I've created a new bug for this issue: Bug #35539 > > Additionally you include the value from the ComboBox, which makes sentences > > sound wrong: > > > > Please use the Active Directory administration utilities to create new > > domain User. > > > > User is capitalized and without any article. This only works in German (by > > accident). > TODO Do you mean the message in LDAP navigation? this has been fixed with r52439. > > I suggest rephrasing the whole warning a little bit for navigation. > > > > Warning! Newly created LDAP objects of this type will only be available on > > UCS systems and not in the Active Directory domain. Please use the Active > > Directory administration utilities to create new domain LDAP objects of this > > type. Press Next to create **an LDAP object of this type** only available on > > UCS systems. > TODO Fixed with r52439.
Ok, works. Minor adaptions. YAML: Ok.
http://errata.univention.de/ucs/3.2/169.html