Univention Bugzilla – Bug 37904
It's not possible to search for GID number
Last modified: 2016-09-14 12:40:33 CEST
Noted during a technical training: It's not possible to search by GID: - Open the "Groups" module in the UMC - Select "Advanced Options" and the property "Group ID" - Enter thr GID of an existing group (e.g. 5001 which is usually Domain Users") -> No result in found.
univention-ldapsearch 'gidNumber=5001' → works univention-ldapsearch 'gidNumber=*5001* → does not work UMC puts every search value into '*' for each search string automatically.
(In reply to Florian Best from comment #1) > univention-ldapsearch 'gidNumber=5001' → works > univention-ldapsearch 'gidNumber=*5001* → does not work > > UMC puts every search value into '*' for each search string automatically. It would be thus good to only search for '*...*' for specific attributes. Or could we defer it from the syntax type? The user's gidNumber is univention.admin.syntax.integer.
(In reply to Alexander Kläser from comment #2) > > univention-ldapsearch 'gidNumber=5001' → works > > univention-ldapsearch 'gidNumber=*5001* → does not work > It would be thus good to only search for '*...*' for specific attributes. Or > could we defer it from the syntax type? The user's gidNumber is > univention.admin.syntax.integer. Another idea would be to construct the search filter like this: '(|(gidNumber=5001)(gidNumber=*5001*)'
(In reply to Florian Best from comment #3) > Another idea would be to construct the search filter like this: > '(|(gidNumber=5001)(gidNumber=*5001*)' Ahh... nice idea :) . This could indeed help!
*** Bug 30190 has been marked as a duplicate of this bug. ***
Bug #30533 suggests to allow quoted strings like "test" to not make a substring query. Ofc. this is not usable for the GID but could also be adjusted.
Whether *5001* finds 5001 or not is defined in the underlying LDAP schema. When known, it is possible to do a "smart search". EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch finds it EQUALITY integerMatch does not. It may be difficult to read the schema (cn=schema or cn=config or something like that). I do not know whether we would need to adjust ACLs. Although slapd.conf should include all of the definitions, too. And UMC-UDM is installed on DC Master / DC Backup only. (In fact, I think it is cn=config XOR slapd.conf and we use the latter)
Adapted filter to search for: '(|(gidNumber=5001)(gidNumber=*5001*)' Another candidate is e.g. DHCP-Pool: Failover Peer. You can find a lot more in: rgrep caseIgnoreIA5Match /usr/share/univention-ldap/schema univention-management-console-module-udm (6.0.11-8): r67918 | Bug #37904: fix searching for caseIgnoreIA5Match values univention-management-console-module-udm.yaml: r67919 | YAML Bug #37904
Die Ausführung des Kommandos udm/query groups/group ist fehlgeschlagen: Traceback (most recent call last): File "/usr/lib/pymodules/python2.7/notifier/threads.py", line 82, in _run tmp = self._function() File "/usr/lib/pymodules/python2.7/notifier/__init__.py", line 104, in __call__ return self._function( *tmp, **self._kwargs ) File "/usr/lib/pymodules/python2.7/univention/management/console/modules/udm/__init__.py", line 536, in _thread result = module.search(container, objectProperty, objectPropertyValue, superordinate, scope=scope, hidden=hidden) File "/usr/lib/pymodules/python2.7/univention/management/console/modules/udm/udm_ldap.py", line 86, in _decorated return method(*args, **kwargs) File "/usr/lib/pymodules/python2.7/univention/management/console/ldap.py", line 135, in _decorated result = func(*args, **kwargs) File "/usr/lib/pymodules/python2.7/univention/management/console/modules/udm/udm_ldap.py", line 471, in search result = self.module.lookup(None, ldap_connection, filter_s, base=container, superordinate=superordinate, scope=scope, sizelimit=sizelimit) File "/usr/lib/pymodules/python2.7/univention/admin/handlers/groups/group.py", line 1098, in lookup for dn, attrs in lo.search(unicode(filter), base, scope, [], unique, required, timeout, sizelimit): File "/usr/lib/pymodules/python2.7/univention/admin/uldap.py", line 359, in search raise univention.admin.uexceptions.ldapError('%s: %s' % (_err2str(msg), filter)) ldapError: Bad search filter: (&(cn=*)(|(&(objectClass=univentionGroup))(&(objectClass=sambaGroupMapping)))(&(!(univentionObjectFlag=hidden))(|(sambaRID=*)(=)))) How to reproduce: - Open the "Groups" module in the UMC - Select "Advanced Options" and the property "Relative ID" - Search for '*' without the quotes
r68039 | Bug #37904: fix Bad search filter exception if searching for '*'
Changes: OK, search is working as expected. YAML: OK. (Updated version r68041) → VERIFIED
<http://errata.software-univention.de/ucs/4.1/133.html>
*** Bug 29711 has been marked as a duplicate of this bug. ***