Univention Bugzilla – Bug 40858
Write-protect critical system accounts / LDAP-objects
Last modified: 2018-06-21 09:22:55 CEST
Bug 31167 / Bug 37654 introduced the objectFlag / univentionObjectFlag attribute supporting the values "hidden" and "functional". As originally proposed by Sönke, we should also support "system" and make UDM protect object attributed as such to avoid accidental deletion or renaming. Bug 32871 added the "hidden" flag to a couple of builtin user and group accounts. For example for the krbtgt account (Bug 40763) and the dns-service accounts the write protection would be useful. The S4-Connector could possibly map this attribute value to the attribute isCriticalSystemObject: TRUE which is used in Active Directory.
This should be the same bug as Bug 24457. *** This bug has been marked as a duplicate of bug 24457 ***