Bug 45538 – ucs-school-import schema: OID collision

Bug 45538 - ucs-school-import schema: OID collision


Summary:	ucs-school-import schema: OID collision

Status:	CLOSED FIXED

Product:	UCS@school
Classification:	Unclassified
Component:	LDAP
Version:	UCS@school 4.2
Hardware:	Other Linux

Importance:	P5 major (vote)
Target Milestone:	UCS@school 4.4 v1
Assigned To:	Sönke Schwardt-Krummrich
QA Contact:	Jürn Brodersen

URL:
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2017-10-13 16:16 CEST by Sönke Schwardt-Krummrich
Modified:	2019-03-12 10:58 CET (History)
CC List:	2 users (show)

See Also:
What kind of report is it?:	Bug Report
What type of bug is this?:	3: Simply Wrong: The implementation doesn't match the docu
Who will be affected by this bug?:	5: Will affect all installed domains
How will those affected feel about the bug?:	2: A Pain – users won’t like this once they notice it
User Pain:	0.171
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:

Attachments
test results from master (858 bytes, application/x-compressed-tar) 2019-01-23 16:08 CET, Sönke Schwardt-Krummrich	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Sönke Schwardt-Krummrich

2017-10-13 16:16:09 CEST

We have an OID collision in ucs-school-import/schema/ucs-school-import.schema:

objectIdentifier univentionSchool 1.3.6.1.4.1.10176.4000.2

attributetype ( univentionSchool:53.5
        NAME 'ucsschoolSourceUID'
        DESC 'Identifier of external database from which the user was imported.'
        EQUALITY caseIgnoreMatch
        SUBSTR caseIgnoreSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )

objectclass ( univentionSchool:53.5 NAME 'ucsschoolExam'
        DESC 'auxiliary class for exam users'
        SUP ucsschoolType AUXILIARY )

Comment 1 Sönke Schwardt-Krummrich

2017-10-19 10:58:31 CEST

We have to check if it is possible to change the OID of either the attribute or the objectclass without problems with existing data/ldapsearch/indices/replication/...

Comment 2 Daniel Tröder

2018-06-22 11:20:00 CEST

objectclass ucsschoolAdministratorGroup and
objectclass ucsschoolImportGroup
    have
SUP ucsschoolType
    which gives them attributes
MAY ( ucsschoolSchool $ ucsschoolSourceUID $ ucsschoolRecordUID $ ucsschoolPurgeTimestamp ) )
    all of which they do not use or need.

Comment 3 Sönke Schwardt-Krummrich

2018-06-25 14:33:12 CEST

(In reply to Daniel Tröder from comment #2)
> objectclass ucsschoolAdministratorGroup and
> objectclass ucsschoolImportGroup
>     have
> SUP ucsschoolType
>     which gives them attributes
> MAY ( ucsschoolSchool $ ucsschoolSourceUID $ ucsschoolRecordUID $
> ucsschoolPurgeTimestamp ) )
>     all of which they do not use or need.
→ please check if this change is still required.

Comment 4 Sönke Schwardt-Krummrich

2018-06-25 14:34:20 CEST

When changing the OID of ucsschoolExam, a rebuild of at least the objeclass index is required → bug deferred until next major UCS@school release.

Comment 5 Sönke Schwardt-Krummrich

2019-01-23 16:06:19 CET

I created some users (anton1...anton12) and added the objectclass and the attribute to some of them (all permutations).

root@master122:~# cat > testOID.sh <<EOF
#!/bin/sh -x
ldapsearch -x -s base -o ldif-wrap=no -b cn=Subschema 'objectClass=subschema' objectClasses attributeTypes matchingRules matichingRuleUse dITStructureRules dITContentRules nameForms ldapSyntaxes  | egrep "'(ucsschoolExam|ucsschoolSourceUID|53.10|53.5)'"
univention-ldapsearch 'uid=anton*' -LLL objectClass ucsschoolSourceUID | egrep '^(dn: |objectClass: ucsschoolExam|ucsschoolSourceUID:|$)'
univention-ldapsearch objectClass=ucsschoolExam dn -LLL
univention-ldapsearch ucsschoolSourceUid=Bug45538 dn -LLL
univention-ldapsearch ucsschoolSourceUid=foo dn -LLL
EOF
root@master122:~# chmod +x testOID.sh
root@master122:~# ./testOID.sh 2>&1 | tee BEFORE
root@master122:~# dpkg -i ucs-school-import-schema*.deb
root@master122:~# ./testOID.sh 2>&1 | tee AFTER
root@master122:~# diff -u BEFORE AFTER
--- BEFORE      2019-01-10 12:22:16.388000000 +0100
+++ AFTER       2019-01-10 12:37:57.096000000 +0100
@@ -1,7 +1,7 @@
 + egrep '(ucsschoolExam|ucsschoolSourceUID|53.10|53.5)'
 + ldapsearch -x -s base -o ldif-wrap=no -b cn=Subschema objectClass=subschema objectClasses attributeTypes matchingRules matichingRuleUse dITStructureRules dITContentRules nameForms ldapSyntaxes
 attributeTypes: ( 1.3.6.1.4.1.10176.4000.2.53.5 NAME 'ucsschoolSourceUID' DESC 'Identifier of external database from which the user was imported.' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
-objectClasses: ( 1.3.6.1.4.1.10176.4000.2.53.5 NAME 'ucsschoolExam' DESC 'auxiliary class for exam users' SUP ucsschoolType AUXILIARY )
+objectClasses: ( 1.3.6.1.4.1.10176.4000.2.53.10 NAME 'ucsschoolExam' DESC 'auxiliary class for exam users' SUP ucsschoolType AUXILIARY )
 + egrep ^(dn: |objectClass: ucsschoolExam|ucsschoolSourceUID:|$)
 + univention-ldapsearch uid=anton* -LLL objectClass ucsschoolSourceUID
 dn: uid=anton1,cn=schueler,cn=users,ou=gsmitte,dc=nstx,dc=local
root@master122:~#

same procedure on slave123:

root@slave123:~# diff -u BEFORE AFTER
--- BEFORE      2019-01-10 12:24:16.333165595 +0100
+++ AFTER       2019-01-10 12:40:54.037168589 +0100
@@ -1,7 +1,7 @@
 + egrep '(ucsschoolExam|ucsschoolSourceUID|53.10|53.5)'
 + ldapsearch -x -s base -o ldif-wrap=no -b cn=Subschema objectClass=subschema objectClasses attributeTypes matchingRules matichingRuleUse dITStructureRules dITContentRules nameForms ldapSyntaxes
 attributeTypes: ( 1.3.6.1.4.1.10176.4000.2.53.5 NAME 'ucsschoolSourceUID' DESC 'Identifier of external database from which the user was imported.' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
-objectClasses: ( 1.3.6.1.4.1.10176.4000.2.53.5 NAME 'ucsschoolExam' DESC 'auxiliary class for exam users' SUP ucsschoolType AUXILIARY )
+objectClasses: ( 1.3.6.1.4.1.10176.4000.2.53.10 NAME 'ucsschoolExam' DESC 'auxiliary class for exam users' SUP ucsschoolType AUXILIARY )
 + egrep ^(dn: |objectClass: ucsschoolExam|ucsschoolSourceUID:|$)
 + univention-ldapsearch uid=anton* -LLL objectClass ucsschoolSourceUID
 dn: uid=anton1,cn=schueler,cn=users,ou=gsmitte,dc=nstx,dc=local
root@slave123:~#

So no slapindex is required since the indices seem to be intact as the same results are returned.
Btw: before changing the OID collision, I also found no problematic behaviour!

Package: ucs-school-import
Version: 16.0.3-1A~4.3.0.201901231601
Branch: ucs_4.3-0
Scope: ucs-school-4.3

fb3034d8a Bug #45538: add advisory
3fbb94cb2 Bug #45538: add changelog entry
3eed3435e Bug #45538: fix OID collision by changing OID of ucsschoolExam

Test results from my master are attached.

Comment 6 Sönke Schwardt-Krummrich

2019-01-23 16:08:14 CET

Created attachment 9817 [details]
test results from master

Comment 7 Sönke Schwardt-Krummrich

2019-01-24 11:49:54 CET

Reverted changes in UCS@school 4.3 and moved them to UCS@school 4.4:

Package: ucs-school-import
Version: 16.0.3-2A~4.3.0.201901241146
Branch: ucs_4.3-0
Scope: ucs-school-4.3

Package: ucs-school-import
Version: 17.0.3-1A~4.4.0.201901241145
Branch: ucs_4.4-0
Scope: ucs-school-4.4

[4.3]
18b389d18 Bug #45538: update advisory
5343b80cb Bug #45538: add changelog entry
dc51a1223 Revert "Bug #45538: add advisory"
5bbd44563 Revert "Bug #45538: fix OID collision by changing OID of ucsschoolExam"

[4.4]
10b2a9a23 Bug #45538: update advisory
d9c2104ec Bug #45538: add advisory
6d4820117 Bug #45538: add changelog entry
2dbe1d0b2 Bug #45538: fix OID collision by changing OID of ucsschoolExam
dc10c314a Bug #48478/#48045/#48236/#48226: fix version numbers

Comment 8 Jürn Brodersen

2019-02-18 11:08:11 CET

What I tested:
Started an exam before the update -> Updated -> Search still works -> OK
Started an exam before the update -> Updated -> Started another exam -> OK
Started an exam before the update -> Updated -> Stopped the exam -> OK

Tests look good
yaml -> OK

-> Verified

Comment 9 Sönke Schwardt-Krummrich

2019-03-12 10:58:49 CET

UCS@school 4.4 v1 has been released.

https://docs.software-univention.de/release-notes-ucsschool-4.4v1-de.html

If this error occurs again, please clone this bug.