Univention Bugzilla – Bug 35423
Policies with requiredObjectClasses or prohibitedObjectClasses are not inherited correctly
Last modified: 2017-05-02 17:43:00 CEST
While writing a test for non-UCR policies (Bug #35314), noticed that policies with required or excluded object class are not inherited. For instance in the following structure: Ldap/base: |--- Base Container (with own 'base container policy') |--- Intermediate container (with own 'intermediate container policy') |--- User 1 (No samba, but with own 'user policy') |--- User 2 (With samba, but no own user policy) |--- User 3 (No samba and no own user policy) When intermediate container policy has the {'requiredObjectClasses': ["sambaSamAccount"]} setting, the 'User 3' should have the base container policy winning, since it is not a samba user and thus intermediate container policy should not be applied. When checking 'User 3' policy via univention-policy-result tool the result is correct (i.e. 'User 3' has base container policy settings): root@backup11:~# univention-policy-result -D uid=Administrator,cn=users,dc=dgalkin,dc=dev -w univention -s uid=umc_test_user_bb5kgngvha,cn=intermediate_test_container,cn=base_test_container,dc=dgalkin,dc=dev ... univentionPWHistoryLen="5" univentionPWLength="5" However, in the UMC same attributes are: ... univentionPWHistoryLen="4" univentionPWLength="" (Those are the attributes inherited from the intermediate container policy)
Created attachment 6005 [details] 'user 3' inherited password policy from the 'intermediate container'
Created attachment 6006 [details] 'user 3' is not a samba user
Created attachment 6007 [details] policy of the intermediate container
Created attachment 6008 [details] 'intermediate container policy' advanced settings
Probably a duplicate of Bug #38712. Need to check: after Bug #35423 is resolved, line 299 in the test should be uncommented
(In reply to Philipp Hahn from comment #5) > Probably a duplicate of Bug #38712. > Need to check: > after Bug #35423 is resolved, line 299 in the test should be uncommented which test case?
(In reply to Florian Best from comment #6) > (In reply to Philipp Hahn from comment #5) > > Probably a duplicate of Bug #38712. > > Need to check: > > after Bug #35423 is resolved, line 299 in the test should be uncommented > which test case? $ git grep -n -A2 35423 -- test/ucs-test/tests/ test/ucs-test/tests/60_umc/06_udm_non_ucr_policies:213: # Check commented due to Bug #35423, test/ucs-test/tests/60_umc/06_udm_non_ucr_policies-214- # should be uncommented after bug is resolved: test/ucs-test/tests/60_umc/06_udm_non_ucr_policies-215- #self.check_policies('5', '5', self.test_user_dn)
I reenabled the test: ucs-test (7.0.21-15): r78977 | Bug #35423: the underlying issue seems to be fixed