Univention Bugzilla – Bug 40529
75_ldap_acls_* fail
Last modified: 2017-07-17 14:02:39 CEST
http://jenkins.knut.univention.de:8080/job/UCSschool%204.1/job/UCSschool%204.1%20Singleserver/lastCompletedBuild/SambaVersion=s3/testReport/90_ucsschool/75_ldap_acls_teacher_and_staff/test/ http://jenkins.knut.univention.de:8080/job/UCSschool%204.1/job/UCSschool%204.1%20Singleserver/lastCompletedBuild/SambaVersion=s3/testReport/90_ucsschool/75_ldap_acls_teachers/test/ http://jenkins.knut.univention.de:8080/job/UCSschool%204.1/job/UCSschool%204.1%20Singleserver/lastCompletedBuild/SambaVersion=s3/testReport/90_ucsschool/75_ldap_acls_staff/test/ http://jenkins.knut.univention.de:8080/job/UCSschool%204.1/job/UCSschool%204.1%20Singleserver/lastCompletedBuild/SambaVersion=s3/testReport/90_ucsschool/75_ldap_acls_admins/test/ It seems nowadays the DC Slave objects have more permissions than some time ago.
Traceback (most recent call last): File "75_ldap_acls_teacher_and_staff", line 56, in <module> main() File "75_ldap_acls_teacher_and_staff", line 36, in main acl.assert_room(room.dn(), 'write') File "/usr/share/ucs-test/90_ucsschool/essential/acl.py", line 239, in assert_room self.assert_acl(target_dn, access, attrs, access_allowance='DENIED') File "/usr/share/ucs-test/90_ucsschool/essential/acl.py", line 157, in assert_acl access, self.auth_dn, target_dn, result)) essential.acl.FailAcl: Access (write) by (uid=hq17jol8tb,cn=lehrer und mitarbeiter,cn=users,ou=dr6c,dc=autotest200,dc=local) to (cn=tg602273nb,cn=raeume,cn=groups,ou=dr6c,dc=autotest200,dc=local) not expected 'write access to structuralObjectClass: ALLOWED'
This affects only the meta-attributes. It seems the output changed from slapd 2.4.40-1.211.201511242052 and slapd 2.4.42+dfsg-2.210.201511060842. Fixed by removing the meta attributes. Should be okay. ucs-test-ucsschool (3.0.5-7): r67054 | Bug #40529: remove meta attributes from LDAP ACL checks r67053 | Bug #40529: remove meta attributes from LDAP ACL checks
OK: automatic tests pass: - 75_ldap_acls_admins - 75_ldap_acls_nonedu_server - 75_ldap_acls_staff - 75_ldap_acls_teacher_and_staff - 75_ldap_acls_teachers (Where they failed recently, it is because of an unrelated HTTP 511 error.)