Bug 40858 - Write-protect critical system accounts / LDAP-objects
Status: RESOLVED DUPLICATE of bug 24457
Product: UCS
Classification: Unclassified
Component: UDM (Generic)
Version: UCS 4.1
Hardware: Other Linux
Importance: P5 enhancement
Assigned To: UMC maintainers
Reported: 2016-03-08 15:06 CET by Arvid Requate
Modified: 2018-06-21 09:22 CEST
Bug group (optional): Further conceptual development
Description Arvid Requate univentionstaff 2016-03-08 15:06:55 CET
Bug 31167 / Bug 37654 introduced the objectFlag / univentionObjectFlag attribute supporting the values "hidden" and "functional". As originally proposed by Sönke, we should also support "system" and make UDM protect objects attributed as such to avoid accidental deletion or renaming.

Bug 32871 added the "hidden" flag to a couple of builtin user and group accounts.

For example, for the krbtgt account (Bug 40763) and the dns-service accounts, the write protection would be useful. The S4-Connector could possibly map this attribute value to the attribute isCriticalSystemObject: TRUE which is used in Active Directory.
Comment 1 Alexander Kläser univentionstaff 2016-04-14 13:28:13 CEST
This should be the same bug as Bug 24457.

*** This bug has been marked as a duplicate of bug 24457 ***