Bug 42335 – User Template: Primary Group default value

Bug 42335 - User Template: Primary Group default value


Summary:	User Template: Primary Group default value

Status:	REOPENED

Product:	UCS
Classification:	Unclassified
Component:	UMC - Users
Version:	UCS 4.4
Hardware:	Other Linux

Importance:	P5 normal (vote)
Target Milestone:	---
Assigned To:	UMC maintainers
QA Contact:

URL:
Keywords:

Depends on:	48811
Blocks:	42449
	Show dependency tree / graph

Reported:	2016-09-09 12:23 CEST by Hendrik Peter
Modified:	2019-02-27 18:02 CET (History)
CC List:	3 users (show)

See Also:
What kind of report is it?:	Bug Report
What type of bug is this?:	5: Major Usability: Impairs usability in key scenarios
Who will be affected by this bug?:	3: Will affect average number of installed domains
How will those affected feel about the bug?:	2: A Pain – users won’t like this once they notice it
User Pain:	0.171
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Hendrik Peter

2016-09-09 12:23:07 CEST

The default value in every Primary Group selection is 
the value set in the attribute Default Primary Group.
(Can be changed via  Domain->LDAP directory->univention->default|Primary Groups)
(Example selection: Users->Administrator|Groups->Primary group)

The default value for the Primary Group selection when creating a new User Template via the LDAP directory in folder
univention->templates
, is the first entry in the Groups list (Account Operators by default), though.

This can lead to major problems, if the Administrator creating the Template 
expects the preset Primary Group to be the value,
which is preset in every other selection (Default Primary Group value [Domain Users] by default)

Comment 1 Philipp Hahn

2018-10-11 17:55:31 CEST

Again

UCS Technical training 2018-10-09

Comment 2 Philipp Hahn

2018-11-30 18:55:01 CET

git:management/univention-directory-manager-modules/modules/univention/admin/handlers/settings/usertemplate.py
306 »···'primaryGroup': univention.admin.property(
...
309 »···»···syntax=univention.admin.syntax.GroupDN,
310 »···»···one_only=True,
313 »···»···required=False,                                                                                                                                                        
...

The property is marked as "not required", but the combo-box-drop-down does not allow to select no group; as such the user template always contains an explicit setting for the primary group if the template is created via UMC.

Using the CLI on the other hand it is possible to create a user template without any "primary group" set:

  udm settings/usertemplate create \
  --position "cn=templates,cn=univention,$(ucr get ldap/base)" \
  --set name=bug42335

with that template the "users/user" udm module then correctly fills in its default group, e.g. "Domain users" (or whatever is configured in "udm settings/default  list")

Comment 3 Philipp Hahn

2018-11-30 18:55:31 CET

UCS technical training 2018-11-29

Comment 4 Stefan Gohmann

2019-01-03 07:18:17 CET

This issue has been filled against UCS 4.1. The maintenance with bug and security fixes for UCS 4.1 has ended on 5st of April 2018.

Customers still on UCS 4.1 are encouraged to update to UCS 4.3. Please contact
your partner or Univention for any questions.

If this issue still occurs in newer UCS versions, please use "Clone this bug" or simply reopen the issue. In this case please provide detailed information on how this issue is affecting you.

Comment 5 Philipp Hahn

2019-02-14 16:00:50 CET

UCS technical training 2019-01-29