Bug 35521 - UDM group name syntax too strict for standard french AD group names
UDM group name syntax too strict for standard french AD group names
Product: UCS
Classification: Unclassified
Component: UMC - Groups
UCS 3.2
Other Linux
: P5 normal (vote)
: UCS 3.2-3-errata
Assigned To: Stefan Gohmann
Felix Botner
: 35479 (view as bug list)
Depends on:
  Show dependency treegraph
Reported: 2014-07-30 13:10 CEST by Arvid Requate
Modified: 2014-09-10 17:40 CEST (History)
2 users (show)

See Also:
What kind of report is it?: ---
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Ticket number:
Bug group (optional):
Max CVSS v3 score:

test_group_syntax.py (585 bytes, text/plain)
2014-07-30 13:22 CEST, Arvid Requate

Note You need to log in before you can comment on or make changes to this bug.
Description Arvid Requate univentionstaff 2014-07-30 13:10:51 CEST
The current UDM syntax for group names is too strict e.g. for french AD group names. In the AD-Connector log I see the following traceback:

InvalidSyntax: Name: Value may not contain other than numbers
, letters and dots! (cn=Contrôleurs de domaine d’entreprise en lecture seule,cn=users,dc=w2k12,dc=test)

As a workaround one can ucr set


and restart the AD Connector. But maybe it would be better to adjust the univention.admin.syntax.gid to allow more chracters (like we have done for the username).
Comment 1 Arvid Requate univentionstaff 2014-07-30 13:22:10 CEST
Created attachment 6029 [details]

Example script.
Comment 2 Stefan Gohmann univentionstaff 2014-09-02 11:37:49 CEST
*** Bug 35479 has been marked as a duplicate of this bug. ***
Comment 3 Stefan Gohmann univentionstaff 2014-09-02 13:44:42 CEST
The UDM group name syntax has been adapted:

UCS 3.2-3: r53238 + r53240
UCS 4.0: r53239 + r53241
YAML: r53242
Comment 4 Felix Botner univentionstaff 2014-09-03 11:24:10 CEST
OK - AD takeover with a french AD works just fine 

-> udm groups/group list | grep DN
DN: cn=Utilisateurs du modèle COM distribué,cn=Builtin,dc=w2k12,dc=test
DN: cn=Contrôleurs de domaine,cn=groups,dc=w2k12,dc=test
DN: cn=Contrôleurs de domaine en lecture seule,cn=groups,dc=w2k12,dc=test
DN: cn=Invités,cn=Builtin,dc=w2k12,dc=test
DN: cn=Duplicateurs,cn=Builtin,dc=w2k12,dc=test
DN: cn=Ordinateurs du domaine,cn=groups,dc=w2k12,dc=test
DN: cn=Lecteurs des journaux d’événements,cn=Builtin,dc=w2k12,dc=test
DN: cn=Groupe d’accès d’autorisation Windows,cn=Builtin,dc=w2k12,dc=test
DN: cn=Serveurs de licences des services Terminal Server,cn=Builtin,dc=w2k12,dc=test
DN: cn=Opérateurs de sauvegarde,cn=Builtin,dc=w2k12,dc=test
DN: cn=Générateurs d’approbations de forêt entrante,cn=Builtin,dc=w2k12,dc=test
DN: cn=Éditeurs de certificats,cn=groups,dc=w2k12,dc=test
DN: cn=Serveurs RAS et IAS,cn=groups,dc=w2k12,dc=test
DN: cn=IIS_IUSRS,cn=Builtin,dc=w2k12,dc=test
DN: cn=Accès DCOM service de certificats,cn=Builtin,dc=w2k12,dc=test
DN: cn=Utilisateurs,cn=Builtin,dc=w2k12,dc=test
DN: cn=DnsUpdateProxy,cn=groups,dc=w2k12,dc=test
  description: DNS clients who are permitted to perform dynamic updates on behalf of some other clients (such as DHCP servers).
DN: cn=Utilisateurs de gestion à distance,cn=Builtin,dc=w2k12,dc=test
DN: cn=Contrôleurs de domaine clonables,cn=users,dc=w2k12,dc=test
DN: cn=Serveurs Accès Distant RDS,cn=Builtin,dc=w2k12,dc=test
DN: cn=Serveurs RDS Endpoint,cn=Builtin,dc=w2k12,dc=test
DN: cn=Serveurs Gestion RDS,cn=Builtin,dc=w2k12,dc=test
DN: cn=WinRMRemoteWMIUsers__,cn=users,dc=w2k12,dc=test
DN: cn=testgroup,cn=users,dc=w2k12,dc=test
DN: cn=Administrateurs Hyper-V,cn=Builtin,dc=w2k12,dc=test

OK - UCS 4.0-0
Comment 5 Janek Walkenhorst univentionstaff 2014-09-10 17:40:11 CEST