Univention Bugzilla – Bug 40741
91univention-saml.inst may fail due to extended attributes
Last modified: 2016-03-09 15:51:58 CET
During the creation of the LDAP-Only user for SAML required extended attributes may break the joinscript.
There is also a --ignore_exists missing!
E: Insufficient information
The following parameters are missing:
This causes the joinscript 91univention-saml.inst and 92univention-management-console-web-server.inst to fail.
Replaced with python :) (which ignores extended-attributes if not manually set up).
I hope this will never have side effects due to import errors aka Bug #33359 :D
r67686 | Bug #40741: Update Copyright
r67685 | Bug #40741: don't fail to create SAML user due to extended attributes
r67687 | YAML Bug #40741
*** Bug 40786 has been marked as a duplicate of this bug. ***
(In reply to Florian Best from comment #2)
> *** Bug 40786 has been marked as a duplicate of this bug. ***
Fixed the syntax error by indenting with space instead of tabs.
Now you use the admin user and no longer the join credentials.
Can you give an example with the extended attributes? Do we have an App which requires extended attributes for users?
(In reply to Stefan Gohmann from comment #4)
> Now you use the admin user and no longer the join credentials.
yes. is that really bad?
> Can you give an example with the extended attributes?
eval "$(ucr shell)"; udm settings/extended_attribute create --set name=test --set module=users/user --set ldapMapping=univentionFreeAttributes1 --set objectClass=univentionFreeAttributes --set shortDescription=test --set valueRequired=1 --set mayChange=1 --set CLIName=test --set deleteObjectClass=1 --position "cn=custom attributes,cn=univention,$ldap_base"
> Do we have an App which requires extended attributes for users?
I am not aware of one.
As it is only executed on the DC master it is okay to use cn=admin.
The creation of such extended attributes is prevent by Bug #40824.
r67854 | Bug #40741: test SAML user exists
Code review: OK
YAML: OK (small adjustments: r67970)