Bug 43350 – UDM users should not be able to remove own LDAP object

Bug 43350 - UDM users should not be able to remove own LDAP object


Summary:	UDM users should not be able to remove own LDAP object

Status:	RESOLVED DUPLICATE of bug 42526

Product:	UCS
Classification:	Unclassified
Component:	UDM (Generic)
Version:	UCS 4.1
Hardware:	Other Linux

Importance:	P5 normal (vote)
Target Milestone:	---
Assigned To:	UDM maintainers
QA Contact:	UMC maintainers

URL:
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2017-01-17 12:59 CET by Sönke Schwardt-Krummrich
Modified:	2018-04-13 13:29 CEST (History)
CC List:	1 user (show)

See Also:
What kind of report is it?:	Bug Report
What type of bug is this?:	3: Simply Wrong: The implementation doesn't match the docu
Who will be affected by this bug?:	1: Will affect a very few installed domains
How will those affected feel about the bug?:	2: A Pain – users won’t like this once they notice it
User Pain:	0.034
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Sönke Schwardt-Krummrich

2017-01-17 12:59:53 CET

Happened in Web UDM but should also affect UDM CLI:
A domain admin (foo) was logged on in UMC and opened the "users" module and removed its own user object (uid=foo). This leads to LDAP inconsistencies, because the group memberships are modified in ldap_post_remove and the modification is rejected because the LDAP user of the lo object does not exist any longer.
Result:
- the user "foo" is removed
- memberUid and uniqueMember entries are still present at all groups the user 
  was a member of

Comment 1 Florian Best

2017-01-17 13:05:43 CET

Duplicate of Bug #42526 which has a patch attached.

*** This bug has been marked as a duplicate of bug 42526 ***