Univention Bugzilla – Bug 43005
UDM allows to add arbitrary invalid DNs as group member
Last modified: 2019-02-06 11:24:24 CET
Reported by a customer: One can add arbitrary, even non-existing DNs as members in groups:

# udm groups/group modify --dn "cn=Domain Users,cn=groups,$ldap_base" --append users="cn=blabla,$ldap_base"
Object modified: cn=Domain Users,cn=groups,dc=sfwg,dc=local

The groups/group module adds this DN to the "uniqueMember" multivalue but memberUid is empty. The object is shown as "member" of the group even in UMC.
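
An added example, not part of the bug report and not Univention code: an offline audit that reads an LDIF export of the directory and lists uniqueMember values that point at no existing object. The attribute names uniqueMember and memberUid come from the report; the sample data, the dc=example,dc=test base, the function names, and the assumption that a user's uid is mirrored in the group's memberUid are constructed for illustration.

```python
# Added example: offline audit of an LDIF export for invalid group members.
# SAMPLE_LDIF is constructed data; dc=example,dc=test is a placeholder base.
SAMPLE_LDIF = """\
dn: cn=Domain Users,cn=groups,dc=example,dc=test
objectClass: posixGroup
uniqueMember: UID=alice,CN=users,dc=example,dc=test
uniqueMember: cn=blabla,dc=example,dc=test
uniqueMember: uid=bob,cn=users,dc=example,dc=test
memberUid: alice

dn: uid=alice,cn=users,dc=example,dc=test
uid: alice

dn: uid=bob,cn=users,dc=example,dc=test
uid: bob
"""

def parse_ldif(text):
    """Parse plain (non-base64) LDIF into a list of (dn, {attr: [values]})."""
    entries = []
    unfolded = text.replace("\n ", "")  # join folded continuation lines
    for block in unfolded.split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            if line.startswith("#") or ": " not in line:
                continue
            key, value = line.split(": ", 1)
            attrs.setdefault(key.lower(), []).append(value)
        if "dn" in attrs:
            entries.append((attrs["dn"][0], attrs))
    return entries

def norm_dn(dn):
    # Simplified normalization: case-insensitive, escaped commas not handled.
    return ",".join(part.strip().lower() for part in dn.split(","))

def audit_groups(entries):
    """Return (group_dn, member_dn, reason) for each suspicious uniqueMember."""
    known = {norm_dn(dn): attrs for dn, attrs in entries}
    findings = []
    for dn, attrs in entries:
        uids = set(attrs.get("memberuid", []))
        for member in attrs.get("uniquemember", []):
            target = known.get(norm_dn(member))
            if target is None:
                findings.append((dn, member, "dangling"))  # no such object
            elif "uid" in target and not uids & set(target["uid"]):
                findings.append((dn, member, "no-memberUid"))  # assumed mirror
    return findings

if __name__ == "__main__":
    for finding in audit_groups(parse_ldif(SAMPLE_LDIF)):
        print(*finding, sep=" | ")
```

A "dangling" finding is not automatically an error: as noted in the comments on this bug, the connector may set memberships that refer to objects which do not exist yet.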
From Bug #38317
> We have to be careful with such a change. The connector needs to set users to groups which don't exist yet.
*** Bug 38317 has been marked as a duplicate of this bug. ***
(In reply to Florian Best from comment #1)
> From Bug #38317
> > We have to be careful with such a change. The connector needs to set users to groups which don't exist yet.

Would be nice to have this as a "special behaviour" so that an arbitrary user can't mess up the LDAP.
*** Bug 25482 has been marked as a duplicate of this bug. ***
This issue has been filed against UCS 4.1. The maintenance with bug and security fixes for UCS 4.1 has ended on 5th of April 2018. Customers still on UCS 4.1 are encouraged to update to UCS 4.3. Please contact your partner or Univention for any questions. If this issue still occurs in newer UCS versions, please use "Clone this bug" or simply reopen the issue. In this case please provide detailed information on how this issue is affecting you.