Bug 40858 - Write-protect critical system accounts / LDAP-objects
Summary: Write-protect critical system accounts / LDAP-objects
Status: RESOLVED DUPLICATE of bug 24457
Alias: None
Product: UCS
Classification: Unclassified
Component: UDM (Generic)
Version: UCS 4.1
Hardware: Other Linux
: P5 enhancement
Target Milestone: ---
Assignee: UMC maintainers
QA Contact:
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2016-03-08 15:06 CET by Arvid Requate
Modified: 2018-06-21 09:22 CEST (History)
1 user (show)

See Also:
What kind of report is it?: ---
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional): Further conceptual development
Customer ID:
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Arvid Requate univentionstaff 2016-03-08 15:06:55 CET 
Bug 31167 / Bug 37654 introduced the objectFlag / univentionObjectFlag attribute supporting the values "hidden" and "functional". As originally proposed by Sönke, we should also support "system" and make UDM protect object attributed as such to avoid accidental deletion or renaming.

Bug 32871 added the "hidden" flag to a couple of builtin user and group accounts.

For example for the krbtgt account (Bug 40763) and the dns-service accounts the write protection would be useful. The S4-Connector could possibly map this attribute value to the attribute isCriticalSystemObject: TRUE which is used in Active Directory.
Comment 1 Alexander Kläser univentionstaff 2016-04-14 13:28:13 CEST 
This should be the same bug as Bug 24457.

*** This bug has been marked as a duplicate of bug 24457 ***