Comment 1 Arvid Requate 2016-03-08 14:59:09 CET

AFAIK the objectFlag / univentionObjectFlag value "functional" was introduced to ignore uses from the license count, maybe the implementer achieved this goal by adding the line

 and not 'functional' in attr.get('univentionObjectFlag',[])

to the identify function of the UDM users/user module. This is "not optimal".

Comment 2 Florian Best 2016-03-08 15:04:32 CET

Ahh, now I understand.
Maybe hidden would have been sufficient in my case (I don't know).

Comment 3 Arvid Requate 2016-03-08 15:18:58 CET

But still I consider this a bug. The objectFlag is not "hidden" or whatever but "functional", which must *only* exclude it from the license count.

Comment 4 Erik Damrose 2016-03-08 15:30:30 CET

The requirement at the time was, that a functional user should also be hidden, even if the name suggests otherwise.

Comment 5 Arvid Requate 2016-03-08 16:00:15 CET

univentionObjectFlag is multivalue.

Comment 6 Florian Best 2016-03-10 08:11:55 CET

We should adjust UMC and UDM-CLI to just don't list them. And then remove the broken identification. Otherwise one cannot even change those users easily.

Comment 7 Arvid Requate 2016-03-10 14:00:21 CET

Why not just additionally flag them as hidden?

===========================================================================
#!/bin/bash
eval "$(ucr shell)"

ldif="$(univention-ldapsearch -xLLL \
        '(&(univentionObjectFlag=functional)(!(univentionObjectFlag=hidden)))' \
       )

relevant_dns=$(sed -n 's/^dn: //p' <<<"$ldif")

while read dn; do

ldapmodify -x -D "cn=admin,$ldap_base" -y /etc/ldap.secret <<-%EOR
dn: $dn
changetype: modify
add: univentionObjectFlag
univentionObjectFlag: hidden
%EOR

done <<<"$relevant_dns"
===========================================================================

Comment 8 Florian Best 2016-03-10 14:05:37 CET

(In reply to Arvid Requate from comment #7)
> Why not just additionally flag them as hidden?
Maybe because they are not really hidden then? Currently you cannot see those users in UMC at all. If you change this and activate the 'show hidden' checkbox in UMC you will see them again. Also on the CLI they are currently "really" hidden.

Comment 9 Alexander Kläser 2016-04-18 14:12:35 CEST

(In reply to Florian Best from comment #6)
> We should adjust UMC and UDM-CLI to just don't list them. And then remove
> the broken identification. Otherwise one cannot even change those users
> easily.

I think it is fine to have *all* users displayed via UDM-CLI. Why should such a user be excluded? I see primary reasons for usability with UMC, not for the CLI.

Comment 10 Arvid Requate 2016-04-18 14:39:32 CEST

> I think it is fine to have *all* users displayed via UDM-CLI.

No objections.

Comment 11 Florian Best 2017-10-18 12:37:57 CEST

@Andreas: My suggested solution might not work due to this bug.

Comment 12 Stefan Gohmann 2019-01-03 07:18:32 CET

This issue has been filled against UCS 4.0. The maintenance with bug and security fixes for UCS 4.0 has ended on 31st of May 2016.

Customers still on UCS 4.0 are encouraged to update to UCS 4.3. Please contact
your partner or Univention for any questions.

If this issue still occurs in newer UCS versions, please use "Clone this bug" or simply reopen the issue. In this case please provide detailed information on how this issue is affecting you.

Comment 13 Florian Best 2020-07-08 22:08:22 CEST

Still causing trouble in UCS 5.0. See also Bug #51653.