Bug 41824 – Object class violation: attribute 'ownCloudEnabled' not allowed

Bug 41824 - Object class violation: attribute 'ownCloudEnabled' not allowed


Summary:	Object class violation: attribute 'ownCloudEnabled' not allowed

Status:	CLOSED FIXED

Product:	UCS
Classification:	Unclassified
Component:	UDM (Generic)
Version:	UCS 4.1
Hardware:	Other Linux

Importance:	P5 normal (vote)
Target Milestone:	UCS 4.1-3-errata
Assigned To:	Florian Best
QA Contact:	Stefan Gohmann

URL:
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2016-07-20 12:23 CEST by Florian Best
Modified:	2016-09-29 17:31 CEST (History)
CC List:	3 users (show)

See Also:
What kind of report is it?:	Bug Report
What type of bug is this?:	7: Crash: Bug causes crash or data loss
Who will be affected by this bug?:	3: Will affect average number of installed domains
How will those affected feel about the bug?:	5: Blocking further progress on the daily work
User Pain:	0.600
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):	Error handling, External feedback
Max CVSS v3 score:

Flags:	best: Patch_Available+

Attachments
patch (1.59 KB, patch) 2016-07-20 12:37 CEST, Florian Best	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Florian Best

2016-07-20 12:23:44 CEST

# udm users/user modify --dn uid=foo,ou=users,dc=foo --set owncloudEnabled=1
LDAP Error: Object class violation: attribute 'ownCloudEnabled' not allowed

The mechanism to detect the new object classes for a object doesn't consider a special exception:
Having a User with the following attributes causes the object classes to not being changeable:
objectClass: univentionManageCertificates
userCertificate;binary:: …

Here is a quick working hotfix:
diff --git a/management/univention-directory-manager-modules/modules/univention/admin/handlers/__init__.py b/management/univention-directory-manager-modules/modules/univention/admin/handlers/__init__.py
index d527575..3cde05b 100644
--- a/management/univention-directory-manager-modules/modules/univention/admin/handlers/__init__.py
+++ b/management/univention-directory-manager-modules/modules/univention/admin/handlers/__init__.py
@@ -852,7 +852,7 @@ def _ldap_object_classes(self, ml):
                for attr, val in newattr.items():
                        if not val:
                                continue
-                       if attr.lower() not in allowed:
+                       if attr.lower() not in allowed and re.sub(';binary$', '', attr).lower() not in allowed:
                                univention.debug.debug(univention.debug.ADMIN, univention.debug.WARN, 'The attribute %r is not allowed by any object class.' % (attr,))
                                # ml.append((attr, val, [])) # TODO: Remove the now invalid attribute instead
                                return ml

Comment 1 Florian Best

2016-07-20 12:37:17 CEST

Created attachment 7817 [details]
patch

Comment 2 Florian Best

2016-08-15 17:35:43 CEST

univention-directory-manager-modules (11.0.3-29):
r71613 | Bug #41824: respect ';binary' suffixed attribute names

univention-directory-manager-modules.yaml:
r71615 | YAML Bug #41824 Bug #41829 Bug #41899

UCS 4.2:
univention-directory-manager-modules (12.0.1-1):
r71610 | Bug #41824: respect ';binary' suffixed attribute names

Comment 3 Stefan Gohmann

2016-08-17 09:57:59 CEST

Code review: OK

YAML: OK

Tests: OK, I was able to reproduce it with the old version. It works with the patched version.

ucs-test: OK

Comment 4 Janek Walkenhorst

2016-08-18 15:15:35 CEST

<http://errata.software-univention.de/ucs/4.1/235.html>