Bug 35521 - UDM group name syntax too strict for standard french AD group names
UDM group name syntax too strict for standard french AD group names
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: UMC - Groups
UCS 3.2
Other Linux
: P5 normal (vote)
: UCS 3.2-3-errata
Assigned To: Stefan Gohmann
Felix Botner
:
: 35479 (view as bug list)
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2014-07-30 13:10 CEST by Arvid Requate
Modified: 2014-09-10 17:40 CEST (History)
2 users (show)

See Also:
What kind of report is it?: ---
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Ticket number:
Bug group (optional):
Max CVSS v3 score:


Attachments
test_group_syntax.py (585 bytes, text/plain)
2014-07-30 13:22 CEST, Arvid Requate
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Arvid Requate univentionstaff 2014-07-30 13:10:51 CEST
The current UDM syntax for group names is too strict e.g. for french AD group names. In the AD-Connector log I see the following traceback:

InvalidSyntax: Name: Value may not contain other than numbers
, letters and dots! (cn=Contrôleurs de domaine d’entreprise en lecture seule,cn=users,dc=w2k12,dc=test)

As a workaround one can ucr set

 directory/manager/web/modules/groups/group/properties/name/syntax=string

and restart the AD Connector. But maybe it would be better to adjust the univention.admin.syntax.gid to allow more chracters (like we have done for the username).
Comment 1 Arvid Requate univentionstaff 2014-07-30 13:22:10 CEST
Created attachment 6029 [details]
test_group_syntax.py

Example script.
Comment 2 Stefan Gohmann univentionstaff 2014-09-02 11:37:49 CEST
*** Bug 35479 has been marked as a duplicate of this bug. ***
Comment 3 Stefan Gohmann univentionstaff 2014-09-02 13:44:42 CEST
The UDM group name syntax has been adapted:

UCS 3.2-3: r53238 + r53240
UCS 4.0: r53239 + r53241
YAML: r53242
Comment 4 Felix Botner univentionstaff 2014-09-03 11:24:10 CEST
OK - AD takeover with a french AD works just fine 

-> udm groups/group list | grep DN
DN: cn=Utilisateurs du modèle COM distribué,cn=Builtin,dc=w2k12,dc=test
DN: cn=Contrôleurs de domaine,cn=groups,dc=w2k12,dc=test
DN: cn=Contrôleurs de domaine en lecture seule,cn=groups,dc=w2k12,dc=test
DN: cn=Invités,cn=Builtin,dc=w2k12,dc=test
DN: cn=Duplicateurs,cn=Builtin,dc=w2k12,dc=test
DN: cn=Ordinateurs du domaine,cn=groups,dc=w2k12,dc=test
DN: cn=Lecteurs des journaux d’événements,cn=Builtin,dc=w2k12,dc=test
DN: cn=Groupe d’accès d’autorisation Windows,cn=Builtin,dc=w2k12,dc=test
DN: cn=Serveurs de licences des services Terminal Server,cn=Builtin,dc=w2k12,dc=test
DN: cn=Opérateurs de sauvegarde,cn=Builtin,dc=w2k12,dc=test
DN: cn=Générateurs d’approbations de forêt entrante,cn=Builtin,dc=w2k12,dc=test
DN: cn=Éditeurs de certificats,cn=groups,dc=w2k12,dc=test
DN: cn=Serveurs RAS et IAS,cn=groups,dc=w2k12,dc=test
DN: cn=IIS_IUSRS,cn=Builtin,dc=w2k12,dc=test
DN: cn=Accès DCOM service de certificats,cn=Builtin,dc=w2k12,dc=test
DN: cn=Utilisateurs,cn=Builtin,dc=w2k12,dc=test
DN: cn=DnsUpdateProxy,cn=groups,dc=w2k12,dc=test
  description: DNS clients who are permitted to perform dynamic updates on behalf of some other clients (such as DHCP servers).
DN: cn=Utilisateurs de gestion à distance,cn=Builtin,dc=w2k12,dc=test
DN: cn=Contrôleurs de domaine clonables,cn=users,dc=w2k12,dc=test
DN: cn=Serveurs Accès Distant RDS,cn=Builtin,dc=w2k12,dc=test
DN: cn=Serveurs RDS Endpoint,cn=Builtin,dc=w2k12,dc=test
DN: cn=Serveurs Gestion RDS,cn=Builtin,dc=w2k12,dc=test
DN: cn=WinRMRemoteWMIUsers__,cn=users,dc=w2k12,dc=test
DN: cn=testgroup,cn=users,dc=w2k12,dc=test
DN: cn=Administrateurs Hyper-V,cn=Builtin,dc=w2k12,dc=test

OK - UCS 4.0-0
OK - YAML
Comment 5 Janek Walkenhorst univentionstaff 2014-09-10 17:40:11 CEST
http://errata.univention.de/ucs/3.2/197.html