Bug 45026 – [RESTful Import API] ext attr for groups to manage remote import ACLs

Bug 45026 - [RESTful Import API] ext attr for groups to manage remote import ACLs


Summary:	[RESTful Import API] ext attr for groups to manage remote import ACLs

Status:	CLOSED FIXED

Product:	UCS@school
Classification:	Unclassified
Component:	HTTP-API (Kelvin)
Version:	UCS@school 4.2
Hardware:	Other Linux

Importance:	P5 normal (vote)
Target Milestone:	UCS@school 4.2 (HTTP-API-MVP)
Assigned To:	Florian Best
QA Contact:	Daniel Tröder

URL:
Keywords:

Depends on:
Blocks:	45021 45024
	Show dependency tree / graph

Reported:	2017-07-17 15:01 CEST by Daniel Tröder
Modified:	2017-12-21 12:23 CET (History)
CC List:	1 user (show)

See Also:
What kind of report is it?:	Feature Request
What type of bug is this?:	---
Who will be affected by this bug?:	---
How will those affected feel about the bug?:	---
User Pain:
Enterprise Customer affected?:
School Customer affected?:	Yes
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Daniel Tröder

2017-07-17 15:01:32 CEST

Create extended attributes for UCS@school groups that will hold information to implement simple ACLs regarding remote UCS@school imports.

Currently two multi-value attributes are needed:
* ucsschoolImportSchools: schuleA, schuleB, ..
* ucsschoolImportTypes: teachers, students, ..

The attributes should be attachable to UCS@school groups below school OUs:
cn=import-teacher-XY,cn=group,ou=XY,$LDAPBASE

The two attribute lists should be manageable with drop-downs in a separate UMC tab "Import". The drop-down for ucsschoolImportSchools should list the OUs displayName, ucsschoolImportTypes' list should be localized.

Comment 1 Daniel Tröder

2017-07-26 12:33:25 CEST

In 40ucs-school-import-http-api.inst is a placeholder for the calls to ucs_registerLDAPExtension and udm settings/extended_attribute...

Comment 2 Florian Best

2017-07-27 14:06:45 CEST

ucs-school-import (15.0.0-14):
r81432 | Bug #45026: add object class, attributes for UCS@school groups

Comment 3 Daniel Tröder

2017-08-08 17:04:21 CEST

Please change the naming of "UCS@school Group" to something like "UCS@school Import Permissions".

Comment 4 Florian Best

2017-08-14 13:12:19 CEST

ucs-school-import (15.0.0-33):
r81899 | Bug #45026: kill univention-cli-server so that newly extended attributes are evaluated
r81873 | Bug #45026: move to other join script
r81861 | Bug #45026: rename ucsschoolImportType into ucsschoolImportRole
r81432 | Bug #45026: add object class, attributes for UCS@school groups
ucs-school-import (15.0.0-33):
r81866 | Bug #45044: fix FTBFS
r81864 | Bug #45044: fix FTBFS
r81863 | Bug #45044: Transform joinscript into bash
r81860 | Bug #45044: create UCS@school import groups automatically at school creation

Comment 5 Sönke Schwardt-Krummrich

2017-09-13 20:48:56 CEST

(In reply to Daniel Tröder from comment #3)
> Please change the naming of "UCS@school Group" to something like "UCS@school
> Import Permissions".

→ I second that. "UCS@school Group" is confusing in that way as the customer might think, that these group are something like working groups or classes.
→ I think the suggestion "UCS@school Import Permissions" fits best because 
  that's what added by this option to the groups/group object.
→ REOPEN

Comment 6 Florian Best

2017-09-25 14:06:16 CEST

Ok, I renamed the object class, descriptions and UMC group names.

ucs-school-import (15.0.0-45):
a34bb54c3667 | Bug #45026: change names/description of import group object class
057f4391059e | Bug #45026: rename object class into ucsschoolImportGroup

Comment 7 Daniel Tröder

2017-09-26 17:05:05 CEST

All changes look good and were manually tested.

Comment 8 Sönke Schwardt-Krummrich

2017-12-21 12:23:01 CET

UCS@school 4.2 v6 has been released.

http://docs.software-univention.de/changelog-ucsschool-4.2v6-de.html

If this error occurs again, please clone this bug.