Bug 34742 - "uid" missing in "attributes"
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: PAM
Version: UCS 3.2
Hardware: Other Linux
Importance: P1 normal
Target Milestone: UCS 3.2-2-errata
Assigned To: Philipp Hahn
QA Contact: Stefan Gohmann
Depends on:
Blocks: 34355
Reported: 2014-05-02 16:46 CEST by Philipp Hahn
Modified: 2014-07-02 11:28 CEST

Attachments
Fix univention-pam/well-known-sid-name-mapping.py (1.50 KB, patch)
2014-05-02 16:46 CEST, Philipp Hahn

Description Philipp Hahn univentionstaff 2014-05-02 16:46:55 CEST
Created attachment 5891
Fix univention-pam/well-known-sid-name-mapping.py

+++ This bug was initially created as a clone of Bug #34355 +++
(In reply to Stefan Gohmann from comment #6)
> Please have a look at the jenkins tests:
>  jenkins.knut.univention.de:8080/job/UCS 3.2 Autotest MultiEnv/358/testReport/
> 
> For example the following case failed:
>  00_base/95rename_administrator

The listener module "well-known-sid-name-mapping" is buggy: it wrongly assumes that "uid" is unique. This is not and never was true, as "modrdn" can lead to even single-value attributes having multiple values.
The new listener now first does a "modrdn", which keeps the old "uid=Administrator" and adds an additional "uid=$RANDOM". The listener module then assumes that on the "move_to" part the uid already contains only the new uid, but only fetches uid[0]="Administrator" and thus does not trigger the code to set the UCRV users/default/Administrator=uid[1]=$OTHER-UID.

The new listener explicitly does an "m" after that to allow listener modules to catch up on delayed changes, but "uid" is missing from the declared list of "attributes":
> updating 'cn=Administrators,cn=groups,dc=phahn,dc=dev' command m
> handler: well-known-sid-name-mapping (up-to-date)
Comment 1 Philipp Hahn univentionstaff 2014-05-02 22:39:02 CEST
Also "sambaSid" -> "sambaSID" as the listener compares case-aware.
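
The two failure modes described in the description and in comment 1, as an added example (not the code from attachment 5891 or from univention-pam): a simplified model in which LDAP entries are dicts mapping attribute names to lists of byte strings. All function names, the DN and the SID are constructed for illustration, and `handler_triggered` assumes the listener matches declared attribute names by exact, case-sensitive comparison, as the comments above report.

```python
import re

# Constructed sample: entry state after the "modrdn" step of a rename.
# The old uid value is still present next to the new one.
DN = "uid=admin-renamed,cn=users,dc=example,dc=com"
ENTRY = {
    "uid": [b"Administrator", b"admin-renamed"],
    "sambaSID": [b"S-1-5-21-1111111111-2222222222-3333333333-500"],
}

def rdn_value(dn, attr="uid"):
    """Return the value of the first RDN if it names `attr`, else None."""
    first = re.split(r"(?<!\\),", dn, maxsplit=1)[0]  # honour escaped "\,"
    name, _, value = first.partition("=")
    if name.strip().lower() != attr.lower():
        return None
    return re.sub(r"\\(.)", r"\1", value.strip())  # undo backslash escapes

def naive_uid(entry):
    """Buggy pattern: treats "uid" as single-valued and takes element 0."""
    return entry["uid"][0].decode()

def robust_uid(dn, entry):
    """Prefer the naming attribute in the DN; it is unambiguous after modrdn."""
    named = rdn_value(dn)
    if named is not None:
        return named
    values = [v.decode() for v in entry.get("uid", [])]
    if len(values) == 1:
        return values[0]
    raise ValueError("uid is ambiguous or absent: %r" % values)

def handler_triggered(declared, changed):
    """Model: a handler runs only if a changed attribute is declared verbatim."""
    return any(name in declared for name in changed)

if __name__ == "__main__":
    print("naive :", naive_uid(ENTRY))        # stale name
    print("robust:", robust_uid(DN, ENTRY))   # name after the rename
    # "uid" undeclared and "sambaSid" mis-cased: the handler stays "up-to-date".
    print(handler_triggered(["sambaSid"], ["uid", "sambaSID"]))
    print(handler_triggered(["uid", "sambaSID"], ["uid", "sambaSID"]))
```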
Comment 2 Philipp Hahn univentionstaff 2014-05-03 01:36:32 CEST
r49757 | Bug #34742 PAM: trigger well-known-sid-name-mapping
univention-pam_7.0.4-28.247.201405030135

doc/errata/staging/2014-04-14-univention-pam.yaml
r49760 | Bug #34742 PAM: trigger well-known-sid-name-mapping YAML
Comment 3 Alexander Kläser univentionstaff 2014-05-26 12:56:35 CEST
The YAML file should have "version: [2]", AFAIS.
Comment 4 Philipp Hahn univentionstaff 2014-05-26 15:38:14 CEST
r50687 | Bug #34742 PAM: YAML
Comment 5 Stefan Gohmann univentionstaff 2014-06-30 07:35:00 CEST
Code: OK

Tests: OK

YAML: OK
Comment 6 Moritz Muehlenhoff univentionstaff 2014-07-02 11:28:52 CEST
http://errata.univention.de/ucs/3.2/132.html