Univention Bugzilla – Bug 41124
Adjust package ucs-school-umc-groups
Last modified: 2016-07-04 16:56:26 CEST
The package ucs-school-umc-groups has to be adjusted to work with the new attributes/object classes.
ucs-school-umc-groups (6.0.0-1): r69673 | Bug #41124: support school overlapping users The logic of the module when assigning members of a groups had to be adjusted: * For the 'workgroup-admin' module all member DN's regardless of what type it is are send to the frontend. The frontend send the modified list back. Bug previously here was that all non-readable objects where dropped from the group when doing a modification; aka. school foreign users and users/computers where one doesn't have read permissions. This can be improved further by using the same LDAP bind user for reading and writing the group in schooladmin and doing an intelligent filtering. * This intelligent filtering exists for the 'workgroup' and for the 'class' flavor but needed also to be adjusted to not drop foreign school users / users where one has no read permissions. IMHO the handling is also kind of a security issue as users in 'workgroup-admin' are allowed to add any object to the group (dn=admin, all computers, etc.). and users in the other flavors can add users from schools where they don't even belong to. Please REOPEN if you think this should be adjusted now.
I will adjust that behavior in Bug #40539.
Work on this has been moved to Bug #40539.
UCS@school 4.1 R2 has been released: http://docs.software-univention.de/release-notes-ucsschool-4.1R2v1-de.pdf If this error occurs again, please use "Clone This Bug".