Bug 34973 - Issue a warning if the username is longer than 20 characters
Issue a warning if the username is longer than 20 characters
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: UMC - Users
UCS 4.2
Other Linux
: P5 normal (vote)
: UCS 4.2-1-errata
Assigned To: Johannes Keiser
Florian Best
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2014-05-26 16:18 CEST by Arvid Requate
Modified: 2017-06-28 15:33 CEST (History)
5 users (show)

See Also:
What kind of report is it?: Bug Report
What type of bug is this?: 3: Simply Wrong: The implementation doesn't match the docu
Who will be affected by this bug?: 3: Will affect average number of installed domains
How will those affected feel about the bug?: 2: A Pain – users won’t like this once they notice it
User Pain: 0.103
Enterprise Customer affected?: Yes
School Customer affected?: Yes
ISV affected?:
Ticket number: 2015010321000201,
Bug group (optional): Error handling, External feedback, Usability
Max CVSS v3 score:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Arvid Requate univentionstaff 2014-05-26 16:18:39 CEST
Windows 7 seems to have a bug causing logins of accounts with len(username) > 20 to fail with the error message

  Data area passed to a system call is too small

https://bugzilla.samba.org/show_bug.cgi?id=7343#c17

Maybe we should issue a warning in UMC.
Comment 1 Arvid Requate univentionstaff 2014-05-26 16:51:19 CEST
Actually the MS error message ID is ERROR_INSUFFICIENT_BUFFER.
Comment 2 Arvid Requate univentionstaff 2014-05-26 17:28:22 CEST
Just for future reference: log.smbd also had a related message:
===========================================================
[2014/05/26 15:14:42.747487, 10, pid=24534, effective(2627, 5088), real(2627, 0)] ../source3/smbd/         smb2_server.c:1894(smbd_smb2_request_dispatch)
  smbd_smb2_request_dispatch: opcode[SMB2_OP_GETINFO] mid = 17

[...]

[2014/05/26 15:14:42.751003,  3, pid=24534, effective(2627, 5088), real(2627, 0)] ../source3/smbd/nttrans. c:1974(smbd_do_query_security_desc)
  smbd_do_query_security_desc: sd_size = 48.
[2014/05/26 15:14:42.751052, 10, pid=24534, effective(2627, 5088), real(2627, 0)] ../source3/smbd/nttrans. c:1978(smbd_do_query_security_desc)
  smbd_do_query_security_desc for file windows-profiles/default.V2

[...]

[2014/05/26 15:14:42.751515, 10, pid=24534, effective(2627, 5088), real(2627, 0)] ../source3/smbd/         smb2_server.c:2643(smbd_smb2_request_error_ex)
  smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_BUFFER_TOO_SMALL] | +info| at ../source3/smbd/       smb2_getinfo.c:170
[2014/05/26 15:14:42.751563, 10, pid=24534, effective(2627, 5088), real(2627, 0)] ../source3/smbd/         smb2_server.c:2544(smbd_smb2_request_done_ex)
  smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_BUFFER_TOO_SMALL] body[8] dyn[yes:4] at ../source3/   smbd/smb2_server.c:2682
===========================================================

This comes from source3/smbd/nttrans.c:smbd_do_query_security_desc
===========================================================
        if (max_data_count < *psd_size) {
                TALLOC_FREE(frame);
                return NT_STATUS_BUFFER_TOO_SMALL;
        }
===========================================================
Comment 3 Arvid Requate univentionstaff 2014-05-27 15:00:07 CEST
There you go: samaccountname is limited to 20 characters. The AD even disallows ldapmodifying it to a longer string.

http://msdn.microsoft.com/en-us/library/ms679635%28v=vs.85%29.aspx

When creating a user in W2K8R2 AD with a longer name, the principalname is allowed to be the long version but the samaccountname is restricted. Logon at the windows 7 client is only possible with the short version.
Comment 4 Stefan Gohmann univentionstaff 2016-12-13 08:10:40 CET
The Enterprise Customer affected flag is set but neither a Ticket number is referenced nor a Customer ID is set. Please set a Ticket number or a Customer ID. Otherwise the Enterprise Customer affected flag will be reset.
Comment 5 Arvid Requate univentionstaff 2016-12-13 12:29:07 CET
Customer uses his own Ticket system.
Comment 6 Johannes Keiser univentionstaff 2017-06-20 20:10:09 CEST
r 80373
univention-management-console-module-udm (7.0.10-7) 
* Bug #34973: Show a warning if a user name has more than 20 characters

YAML: r 80380
---
The warning is shown as a tooltip directly on the user name input field and
as a notification when the user is saved.
Comment 7 Florian Best univentionstaff 2017-06-21 17:52:25 CEST
REOPEN:
The sentence """
<b>Warning:</b> The user name{username} is longer than {length} characters.<br>A login on Windows clients is not possible with a user name that has more than {length} characters.
""" contains duplicated phrases.
Better is something like:
<b>Warning:</b> The username is longer than {length} characters which makes login on Windows clients impossible. Please consider shorten the username.

There is no HTML escaping, if I e.g. enter a username like <b>Foo. I don't think it's necessary to mention the username at all.

Please move the new block """
 						} else if (success) {
+							// show a warning notification if a user is saved
""" into an own function/method.

The for loop can only be executed in moduleFlavor === 'users/user' (early exit).
The for loop can be done with array.forEach() or tools.forIn()!

For me the following line looks like a memory leak:
+				this.usernameMaxLengthChecker = new UsernameMaxLengthChecker({textBoxWidget: widgets.username});

→ this.own(this.usernameMaxLengthChecker) is missing?!

YAML: "Show a warning" → "A warning is now shown"
Comment 8 Johannes Keiser univentionstaff 2017-06-21 19:32:45 CEST
(In reply to Florian Best from comment #7)
> REOPEN:
> The sentence """
> <b>Warning:</b> The user name{username} is longer than {length}
> characters.<br>A login on Windows clients is not possible with a user name
> that has more than {length} characters.
> """ contains duplicated phrases.
> Better is something like:
> <b>Warning:</b> The username is longer than {length} characters which makes
> login on Windows clients impossible. Please consider shorten the username.
> 
> There is no HTML escaping, if I e.g. enter a username like <b>Foo. I don't
> think it's necessary to mention the username at all.
> 
> Please move the new block """
>  						} else if (success) {
> +							// show a warning notification if a user is saved
> """ into an own function/method.
> 
> The for loop can only be executed in moduleFlavor === 'users/user' (early
> exit).
> The for loop can be done with array.forEach() or tools.forIn()!

r 80396
univention-management-console-module-udm (7.0.10-8) 
* Bug #34973: Improve wording of warning message for long user names

-----
> YAML: "Show a warning" → "A warning is now shown"

r 80397

-----
> For me the following line looks like a memory leak:
> +				this.usernameMaxLengthChecker = new
> UsernameMaxLengthChecker({textBoxWidget: widgets.username});
> 
> → this.own(this.usernameMaxLengthChecker) is missing?!

I don't think this is a memory leak. TextBoxMaxLengthChecker and in turn UsernameMaxLengthChecker does not inherit from _WidgetBase and does not get added to the dijit.registry. If the DetailPage is destroyed the UsernameMaxLengthChecker instance should get garbage collected since there is no longer a reference to it.
Comment 9 Florian Best univentionstaff 2017-06-22 14:34:21 CEST
OK: Code-Review
OK: the message/notification is shown in the detail page, in the wizard and after modifying the username
OK: YAML
Comment 10 Janek Walkenhorst univentionstaff 2017-06-28 15:33:20 CEST
<http://errata.software-univention.de/ucs/4.2/75.html>