Bug 37904 - It's not possible to search for GID number
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: UMC - Groups
UCS 4.0
Other Linux
: P5 normal
: UCS 4.1-1-errata
Assigned To: Florian Best
Jürn Brodersen
: 29711 30190
Depends on:
Blocks: 42181 42387 42388
Reported: 2015-03-02 07:44 CET by Moritz Muehlenhoff
Modified: 2016-09-14 12:40 CEST
Bug group (optional): External feedback, Usability
Description Moritz Muehlenhoff univentionstaff 2015-03-02 07:44:21 CET
Noted during a technical training: It's not possible to search by GID: 

- Open the "Groups" module in the UMC
- Select "Advanced Options" and the property "Group ID"
- Enter the GID of an existing group (e.g. 5001 which is usually "Domain Users")

-> No result is found.
Comment 1 Florian Best univentionstaff 2015-03-03 13:23:17 CET
univention-ldapsearch 'gidNumber=5001' → works
univention-ldapsearch 'gidNumber=*5001*' → does not work

UMC puts every search value into '*' for each search string automatically.
Comment 2 Alexander Kläser univentionstaff 2015-03-04 10:57:22 CET
(In reply to Florian Best from comment #1)
> univention-ldapsearch 'gidNumber=5001' → works
> univention-ldapsearch 'gidNumber=*5001*' → does not work
> 
> UMC puts every search value into '*' for each search string automatically.

It would be thus good to only search for '*...*' for specific attributes. Or could we defer it from the syntax type? The user's gidNumber is univention.admin.syntax.integer.
Comment 3 Florian Best univentionstaff 2015-03-25 13:06:02 CET
(In reply to Alexander Kläser from comment #2)
> > univention-ldapsearch 'gidNumber=5001' → works
> > univention-ldapsearch 'gidNumber=*5001*' → does not work

> It would be thus good to only search for '*...*' for specific attributes. Or
> could we defer it from the syntax type? The user's gidNumber is
> univention.admin.syntax.integer.

Another idea would be to construct the search filter like this: '(|(gidNumber=5001)(gidNumber=*5001*))'
Comment 4 Alexander Kläser univentionstaff 2015-03-25 13:15:51 CET
(In reply to Florian Best from comment #3)
> Another idea would be to construct the search filter like this:
> '(|(gidNumber=5001)(gidNumber=*5001*))'

Ahh... nice idea :) . This could indeed help!
Comment 5 Florian Best univentionstaff 2015-05-08 17:23:34 CEST
*** Bug 30190 has been marked as a duplicate of this bug. ***
Comment 6 Florian Best univentionstaff 2015-05-08 17:25:06 CEST
Bug #30533 suggests to allow quoted strings like "test" to not make a substring query. Ofc. this is not usable for the GID but could also be adjusted.
Comment 7 Dirk Wiesenthal univentionstaff 2016-02-19 20:35:34 CET
Whether *5001* finds 5001 or not is defined in the underlying LDAP schema. When known, it is possible to do a "smart search".

EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch

finds it

EQUALITY integerMatch

does not.

It may be difficult to read the schema (cn=schema or cn=config or something like that). I do not know whether we would need to adjust ACLs.

Although slapd.conf should include all of the definitions, too. And UMC-UDM is installed on DC Master / DC Backup only.

(In fact, I think it is cn=config XOR slapd.conf and we use the latter)
Comment 8 Florian Best univentionstaff 2016-03-04 15:25:41 CET
Adapted filter to search for:
'(|(gidNumber=5001)(gidNumber=*5001*))'

Another candidate is e.g. DHCP-Pool: Failover Peer.

You can find a lot more in:
rgrep caseIgnoreIA5Match /usr/share/univention-ldap/schema

univention-management-console-module-udm (6.0.11-8):
r67918 | Bug #37904: fix searching for caseIgnoreIA5Match values

univention-management-console-module-udm.yaml:
r67919 | YAML Bug #37904
Comment 9 Jürn Brodersen univentionstaff 2016-03-11 10:47:46 CET
Die Ausführung des Kommandos udm/query groups/group ist fehlgeschlagen:

Traceback (most recent call last):
  File "/usr/lib/pymodules/python2.7/notifier/threads.py", line 82, in _run
    tmp = self._function()
  File "/usr/lib/pymodules/python2.7/notifier/__init__.py", line 104, in __call__
    return self._function( *tmp, **self._kwargs )
  File "/usr/lib/pymodules/python2.7/univention/management/console/modules/udm/__init__.py", line 536, in _thread
    result = module.search(container, objectProperty, objectPropertyValue, superordinate, scope=scope, hidden=hidden)
  File "/usr/lib/pymodules/python2.7/univention/management/console/modules/udm/udm_ldap.py", line 86, in _decorated
    return method(*args, **kwargs)
  File "/usr/lib/pymodules/python2.7/univention/management/console/ldap.py", line 135, in _decorated
    result = func(*args, **kwargs)
  File "/usr/lib/pymodules/python2.7/univention/management/console/modules/udm/udm_ldap.py", line 471, in search
    result = self.module.lookup(None, ldap_connection, filter_s, base=container, superordinate=superordinate, scope=scope, sizelimit=sizelimit)
  File "/usr/lib/pymodules/python2.7/univention/admin/handlers/groups/group.py", line 1098, in lookup
    for dn, attrs in lo.search(unicode(filter), base, scope, [], unique, required, timeout, sizelimit):
  File "/usr/lib/pymodules/python2.7/univention/admin/uldap.py", line 359, in search
    raise univention.admin.uexceptions.ldapError('%s: %s' % (_err2str(msg), filter))
ldapError: Bad search filter: (&(cn=*)(|(&(objectClass=univentionGroup))(&(objectClass=sambaGroupMapping)))(&(!(univentionObjectFlag=hidden))(|(sambaRID=*)(=))))


How to reproduce:
- Open the "Groups" module in the UMC
- Select "Advanced Options" and the property "Relative ID"
- Search for '*' without the quotes
Comment 10 Florian Best univentionstaff 2016-03-11 12:19:13 CET
r68039 | Bug #37904: fix Bad search filter exception if searching for '*'
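Added example, not part of the thread and not the UDM code: a sketch of the filter construction discussed in comments 3 to 10, combining the exact-OR-substring filter with a presence filter for a bare '*' and RFC 4515 escaping of literal input. The names `build_filter` and `escape_value` are hypothetical, and the attribute name is assumed to come from a fixed property mapping rather than from the user.

```python
import re

# RFC 4515 escapes for characters that are special inside an assertion value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}
_ATTR_RE = re.compile(r"^[A-Za-z][A-Za-z0-9-]*$")


def escape_value(value):
    """Escape one literal piece of user input for use in an LDAP filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_filter(attr, user_input):
    """Return an LDAP filter for a single-property search (hypothetical helper)."""
    if not _ATTR_RE.match(attr):
        raise ValueError("unexpected attribute name: %r" % attr)
    # '*' typed by the user is a wildcard; everything else is literal data.
    literals = [escape_value(p) for p in user_input.split("*") if p]
    if not literals:
        # Empty input or only wildcards: presence filter, so no '(=)' term
        # like the one in the traceback above can be produced.
        return "(%s=*)" % attr
    if "*" not in user_input:
        # No wildcard typed: exact match OR substring match. The exact branch
        # still matches attributes that only define EQUALITY integerMatch.
        value = literals[0]
        return "(|(%s=%s)(%s=*%s*))" % (attr, value, attr, value)
    # Wildcards typed: keep their positions, collapse repeated '*'.
    lead = "*" if user_input.startswith("*") else ""
    trail = "*" if user_input.endswith("*") else ""
    return "(%s=%s%s%s)" % (attr, lead, "*".join(literals), trail)


if __name__ == "__main__":
    # Constructed inputs, including one that tries to inject filter syntax.
    for attr, text in [("gidNumber", "5001"), ("sambaRID", "*"),
                       ("cn", "Domain*"), ("cn", "x)(uid=*")]:
        print("%-10s %-10r -> %s" % (attr, text, build_filter(attr, text)))
```

Every filter this returns has balanced parentheses, because parentheses in user input are escaped before they reach the filter string.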
Comment 11 Jürn Brodersen univentionstaff 2016-03-11 15:53:38 CET
Changes: OK, search is working as expected.
YAML: OK. (Updated version r68041)

→ VERIFIED
Comment 12 Florian Best univentionstaff 2016-03-18 06:45:26 CET
<http://errata.software-univention.de/ucs/4.1/133.html>
Comment 13 Florian Best univentionstaff 2016-05-09 08:48:15 CEST
*** Bug 29711 has been marked as a duplicate of this bug. ***