Univention Bugzilla – Bug 37904
It's not possible to search for GID number
Last modified: 2016-09-14 12:40:33 CEST
Noted during a technical training: It's not possible to search by GID:
- Open the "Groups" module in the UMC
- Select "Advanced Options" and the property "Group ID"
- Enter thr GID of an existing group (e.g. 5001 which is usually Domain Users")
-> No result in found.
univention-ldapsearch 'gidNumber=5001' → works
univention-ldapsearch 'gidNumber=*5001* → does not work
UMC puts every search value into '*' for each search string automatically.
(In reply to Florian Best from comment #1)
> univention-ldapsearch 'gidNumber=5001' → works
> univention-ldapsearch 'gidNumber=*5001* → does not work
> UMC puts every search value into '*' for each search string automatically.
It would be thus good to only search for '*...*' for specific attributes. Or could we defer it from the syntax type? The user's gidNumber is univention.admin.syntax.integer.
(In reply to Alexander Kläser from comment #2)
> > univention-ldapsearch 'gidNumber=5001' → works
> > univention-ldapsearch 'gidNumber=*5001* → does not work
> It would be thus good to only search for '*...*' for specific attributes. Or
> could we defer it from the syntax type? The user's gidNumber is
Another idea would be to construct the search filter like this: '(|(gidNumber=5001)(gidNumber=*5001*)'
(In reply to Florian Best from comment #3)
> Another idea would be to construct the search filter like this:
Ahh... nice idea :) . This could indeed help!
*** Bug 30190 has been marked as a duplicate of this bug. ***
Bug #30533 suggests to allow quoted strings like "test" to not make a substring query. Ofc. this is not usable for the GID but could also be adjusted.
Whether *5001* finds 5001 or not is defined in the underlying LDAP schema. When known, it is possible to do a "smart search".
It may be difficult to read the schema (cn=schema or cn=config or something like that). I do not know whether we would need to adjust ACLs.
Although slapd.conf should include all of the definitions, too. And UMC-UDM is installed on DC Master / DC Backup only.
(In fact, I think it is cn=config XOR slapd.conf and we use the latter)
Adapted filter to search for:
Another candidate is e.g. DHCP-Pool: Failover Peer.
You can find a lot more in:
rgrep caseIgnoreIA5Match /usr/share/univention-ldap/schema
r67918 | Bug #37904: fix searching for caseIgnoreIA5Match values
r67919 | YAML Bug #37904
Die Ausführung des Kommandos udm/query groups/group ist fehlgeschlagen:
Traceback (most recent call last):
File "/usr/lib/pymodules/python2.7/notifier/threads.py", line 82, in _run
tmp = self._function()
File "/usr/lib/pymodules/python2.7/notifier/__init__.py", line 104, in __call__
return self._function( *tmp, **self._kwargs )
File "/usr/lib/pymodules/python2.7/univention/management/console/modules/udm/__init__.py", line 536, in _thread
result = module.search(container, objectProperty, objectPropertyValue, superordinate, scope=scope, hidden=hidden)
File "/usr/lib/pymodules/python2.7/univention/management/console/modules/udm/udm_ldap.py", line 86, in _decorated
return method(*args, **kwargs)
File "/usr/lib/pymodules/python2.7/univention/management/console/ldap.py", line 135, in _decorated
result = func(*args, **kwargs)
File "/usr/lib/pymodules/python2.7/univention/management/console/modules/udm/udm_ldap.py", line 471, in search
result = self.module.lookup(None, ldap_connection, filter_s, base=container, superordinate=superordinate, scope=scope, sizelimit=sizelimit)
File "/usr/lib/pymodules/python2.7/univention/admin/handlers/groups/group.py", line 1098, in lookup
for dn, attrs in lo.search(unicode(filter), base, scope, , unique, required, timeout, sizelimit):
File "/usr/lib/pymodules/python2.7/univention/admin/uldap.py", line 359, in search
raise univention.admin.uexceptions.ldapError('%s: %s' % (_err2str(msg), filter))
ldapError: Bad search filter: (&(cn=*)(|(&(objectClass=univentionGroup))(&(objectClass=sambaGroupMapping)))(&(!(univentionObjectFlag=hidden))(|(sambaRID=*)(=))))
How to reproduce:
- Open the "Groups" module in the UMC
- Select "Advanced Options" and the property "Relative ID"
- Search for '*' without the quotes
r68039 | Bug #37904: fix Bad search filter exception if searching for '*'
Changes: OK, search is working as expected.
YAML: OK. (Updated version r68041)
*** Bug 29711 has been marked as a duplicate of this bug. ***