Bug 41041 - UCS_Server syntax lists Docker Containers
UCS_Server syntax lists Docker Containers
Product: UCS
Classification: Unclassified
Component: UDM (Generic)
UCS 4.1
Other Linux
: P5 normal (vote)
: UCS 4.1-1-errata
Assigned To: Dirk Wiesenthal
Florian Best
Depends on:
  Show dependency treegraph
Reported: 2016-04-13 03:07 CEST by Dirk Wiesenthal
Modified: 2016-04-13 14:55 CEST (History)
2 users (show)

See Also:
What kind of report is it?: ---
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Ticket number:
Bug group (optional):
Max CVSS v3 score:


Note You need to log in before you can comment on or make changes to this bug.
Description Dirk Wiesenthal univentionstaff 2016-04-13 03:07:39 CEST
... but it most probably should not.

One may have to have a look at every attribute, but Docker Containers are somewhat "hidden", i.e., they do not count as full hosts, but instead they provide services for the Docker Host they are installed on.

Seen in shares, but also holds for user's MailHomeServer and so on.

One should just add:
  udm_filter = '!(univentionObjectFlag=docker)'
Comment 1 Dirk Wiesenthal univentionstaff 2016-04-13 03:28:23 CEST
I have just added the filter to every syntax class that used "computers/*" modules. No exception.

QA: Is there any reason to include the Docker Containers in any syntax? Maybe the nagios one? But normally, these computers are not accessible from outside.

  univention-directory-manager-modules 11.0.2-25.1380.201604130322
Comment 2 Florian Best univentionstaff 2016-04-13 08:14:31 CEST
OK: every syntax class exclude docker containers now:
for i in LDAP_Server HostDN IComputer_FQDN DomainController Windows_Server UCS_Server ServicePrint_FQDN MailHomeServer ServiceMail ServicePrint mailHomeServer nagiosHostsEnabledDn; do
  curl 'https://Administrator:univention@localhost/univention-management-console/command/udm/syntax/choices' -H 'Content-Type: application/json' -H 'X-Requested-With: XMLHttpRequest' --data-binary '{"options":{"syntax":"'$i'"}}' -ks | python -m json.tool;
done | less

Code-Review: Please add a correct LDAP filter next time (it's only luck that it works because most functions pass the filter through univention.admin.filter.parse() while there is one case where the brackets aren't automatically added (in udm_ldap.py +1269)):

>>> from univention.management.console.modules.udm import udm_ldap
>>> univention.management.console.modules.udm.udm_ldap.set_bind_function(lambda lo: lo.bind('uid=Administrator,cn=users,dc=school,dc=local', 'univention'))
>>> import univention.admin.syntax
>>> lo,po = univention.admin.uldap.getMachineConnection()
>>> lo.search(udm_ldap._create_ldap_filter(univention.admin.syntax.LDAP_Server(), {}))
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/lib/pymodules/python2.7/univention/admin/uldap.py", line 359, in search
    raise univention.admin.uexceptions.ldapError('%s: %s' % (_err2str(msg), filter))
univention.admin.uexceptions.ldapError: Bad search filter: !(univentionObjectFlag=docker)

Comment 3 Janek Walkenhorst univentionstaff 2016-04-13 14:55:32 CEST