Bug 41636 – UCC clients can not read themselves in LDAP

Bug 41636 - UCC clients can not read themselves in LDAP


Summary:	UCC clients can not read themselves in LDAP

Status:	CLOSED FIXED

Product:	UCS@school
Classification:	Unclassified
Component:	LDAP
Version:	UCS@school 4.1 R2
Hardware:	Other Linux

Importance:	P5 normal (vote)
Target Milestone:	UCS@school 4.1 R2 vXXX
Assigned To:	Florian Best
QA Contact:	Sönke Schwardt-Krummrich

URL:
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2016-06-22 13:10 CEST by Erik Damrose
Modified:	2016-10-06 21:11 CEST (History)
CC List:	3 users (show)

See Also:
What kind of report is it?:	Bug Report
What type of bug is this?:	4: Minor Usability: Impairs usability in secondary scenarios
Who will be affected by this bug?:	3: Will affect average number of installed domains
How will those affected feel about the bug?:	3: A User would likely not purchase the product
User Pain:	0.206
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:

Attachments
patch (1.17 KB, patch) 2016-06-22 13:13 CEST, Florian Best	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Erik Damrose

2016-06-22 13:10:34 CEST

The UCC client cannot modify its own boot setting:

root@uccclient:~# /usr/share/univention-ucc-initramfs/scripts/set_boot_variant.sh none
failed to find cn=uccclient,cn=computers,ou=myschool,dc=ucs,dc=local ({'desc': 'No such object'})

Unable to read its own computer object may affect affect other features as well

Comment 1 Florian Best

2016-06-22 13:13:48 CEST

Created attachment 7762 [details]
patch

Probably this patch helps, one should have a further look → this might cause that UCC clients can also read computers in other schools.

Comment 2 Erik Damrose

2016-06-22 13:14:30 CEST

set_boot_variant.sh works with the patch applied

Comment 3 Florian Best

2016-06-22 14:45:50 CEST

Fixed with a different patch.

ucs-school-ldap-acls-master (14.0.1-4):
r70534 | Bug #41636: allow read access to own OU by e.g. UCC clients

ucs-school-ldap-acls-master.yaml:
r70535 | YAML Bug #41636

Comment 4 Erik Damrose

2016-06-22 15:19:24 CEST

Rollout / set_boot_variant.sh also works. No further checks have been done

Comment 5 Sönke Schwardt-Krummrich

2016-07-03 23:41:41 CEST

OK: ACL change
OK: YAML

Comment 6 Sönke Schwardt-Krummrich

2016-07-04 12:06:50 CEST

UCS@school 4.1 R2 v2 has been released.

If this error occurs again, please clone this bug.