Univention Bugzilla – Bug 46466
udm --policy-dereference doesn't remove "objectClass: univentionPolicyReference" if there is no other univentionPolicyReference remaining
Last modified: 2019-04-17 14:07:28 CEST
When one manually removes a reference to a policy (e.g. a non-existing one https://forge.univention.org/bugzilla/show_bug.cgi?id=16966), the objectClass: univentionPolicyReference is not removed on that object. Like so:

    udm groups/group modify --dn="cn=container,dc=ucs,dc=test" --policy-dereference="cn=example-policy,cn=policies,dc=ucs,dc=test"

This results in /usr/share/univention-directory-manager-tools/proof_policies throwing a warning:

    Warning: found univentionPolicyReference without such Attribute cn=container,dc=ucs,dc=test
This is only relevant for objects that have no univentionPolicyReference attributes left after the above command, of course.
The objectClass also cannot be removed with udm, because it's not a valid attribute to modify for groups/group or container/cn.
Created a patch in branch fbest/47689-46466-unify-policy-reference-handling. It moves the policy handling into the UDM core and removes the object class if no other policy is assigned. Handles all cases (invalid DN syntax, not existing objects, no policy objects, referencing, dereferencing):

    # /usr/share/pyshared/univention/admincli/admin.py users/user modify --dn uid=test,cn=users,dc=dev,dc=local --policy-reference "cn=selfservice-umc-servers,cn=UMC,cn=policies,$ldap_base"
    Object modified: uid=test,cn=users,dc=dev,dc=local

    # /usr/share/pyshared/univention/admincli/admin.py users/user modify --dn uid=test,cn=users,dc=dev,dc=local --policy-reference "cn=selfservice-umc-servers,cn=UMC,cn=policies,$ldap_base"
    No modification: uid=test,cn=users,dc=dev,dc=local

    # /usr/share/pyshared/univention/admincli/admin.py users/user modify --dn uid=test,cn=users,dc=dev,dc=local --policy-reference "foo"
    Invalid syntax: foo
    OPERATION FAILED

    # /usr/share/pyshared/univention/admincli/admin.py users/user modify --dn uid=test,cn=users,dc=dev,dc=local --policy-dereference "cn=selfservice-umc-servers,cn=UMC,cn=policies,$ldap_base"
    Object modified: uid=test,cn=users,dc=dev,dc=local

    # /usr/share/pyshared/univention/admincli/admin.py users/user modify --dn uid=test,cn=users,dc=dev,dc=local --policy-dereference "cn=selfservice-umc-servers,cn=UMC,cn=policies,$ldap_base"
    No modification: uid=test,cn=users,dc=dev,dc=local

    # /usr/share/pyshared/univention/admincli/admin.py users/user modify --dn uid=test,cn=users,dc=dev,dc=local --policy-dereference "foo"
    Invalid syntax: foo
    OPERATION FAILED

    # /usr/share/pyshared/univention/admincli/admin.py users/user modify --dn uid=test,cn=users,dc=dev,dc=local --policy-reference "uid=test,cn=users,dc=dev,dc=local"
    Object is not a policy: uid=test,cn=users,dc=dev,dc=local
    OPERATION FAILED

    # /usr/share/pyshared/univention/admincli/admin.py users/user modify --dn uid=test,cn=users,dc=dev,dc=local --policy-dereference "uid=test,cn=users,dc=dev,dc=local"
    No modification: uid=test,cn=users,dc=dev,dc=local

    # /usr/share/pyshared/univention/admincli/admin.py users/user create --set username=foobar --set password=univention --set lastname=foo --policy-reference "uid=test,cn=users,dc=dev,dc=local"
    Object is not a policy: uid=test,cn=users,dc=dev,dc=local
    OPERATION FAILED

    # /usr/share/pyshared/univention/admincli/admin.py users/user create --set username=foobar --set password=univention --set lastname=foo --policy-reference "foo"
    Invalid syntax: foo
    OPERATION FAILED

    # /usr/share/pyshared/univention/admincli/admin.py users/user create --set username=foobar --set password=univention --set lastname=foo --policy-reference "cn=selfservice-umc-servers,cn=UMC,cn=policies,$ldap_base"
    Object created: uid=foobar,dc=dev,dc=local

    # /usr/share/pyshared/univention/admincli/admin.py users/user create --set username=foobar --set password=univention --set lastname=foo --policy-reference "cn=foo"
    No such object: Policy does not exists cn=foo
    OPERATION FAILED

    # /usr/share/pyshared/univention/admincli/admin.py users/user modify --dn uid=test,cn=users,dc=dev,dc=local --policy-reference "cn=foo"
    No such object: Policy does not exists cn=foo
    OPERATION FAILED
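The behaviour discussed in this report, modelled as an added example (not part of the bug report and not Univention's code): removing a policy reference also removes the auxiliary objectClass once no reference remains, and a check flags entries left in the inconsistent state that proof_policies warns about. The function names, the dict-based entry model and the simplified DN comparison are assumptions made for illustration.

```python
# Added illustration; not Univention's implementation.
OC = "univentionPolicyReference"    # auxiliary objectClass
ATTR = "univentionPolicyReference"  # the attribute shares the same name


def norm(dn):
    """Simplified DN comparison key (assumption: no escaped commas in values)."""
    return ",".join(part.strip().lower() for part in dn.split(","))


def dereference(entry, policy_dn):
    """Return (new_entry, modlist) for removing one policy reference.

    entry maps attribute names to lists of values. The modlist is a list of
    ("delete", attribute, values) tuples and is empty for "No modification".
    """
    refs = entry.get(ATTR, [])
    removed = [r for r in refs if norm(r) == norm(policy_dn)]
    if not removed:
        return entry, []                      # policy was not referenced
    remaining = [r for r in refs if norm(r) != norm(policy_dn)]
    modlist = [("delete", ATTR, removed)]
    new_entry = {k: list(v) for k, v in entry.items() if k != ATTR}
    if remaining:
        new_entry[ATTR] = remaining
    elif OC in entry.get("objectClass", []):
        # Last reference gone: drop the objectClass too, otherwise the
        # entry is left in the state this bug describes.
        new_entry["objectClass"] = [c for c in entry["objectClass"] if c != OC]
        modlist.append(("delete", "objectClass", [OC]))
    return new_entry, modlist


def stale_policy_class(entries):
    """DNs that carry the objectClass but no reference attribute."""
    return [dn for dn, e in entries.items()
            if OC in e.get("objectClass", []) and not e.get(ATTR)]


# Constructed sample entry, using the DNs from the report.
GROUP_DN = "cn=container,dc=ucs,dc=test"
POLICY_DN = "cn=example-policy,cn=policies,dc=ucs,dc=test"
SAMPLE = {"objectClass": ["top", "posixGroup", OC], ATTR: [POLICY_DN]}

if __name__ == "__main__":
    fixed, mods = dereference(SAMPLE, POLICY_DN)
    print(mods, stale_policy_class({GROUP_DN: fixed}))
```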
*** Bug 47689 has been marked as a duplicate of this bug. ***
Branch has been merged.

univention-directory-manager-modules (14.0.12-21)
    22d25e871499 | Bug #46466: remove object class univentionPolicyReference if no policy is assigned

univention-directory-manager-modules.yaml
    d64db1ed55b9 | YAML Bug #46466
What I tested:

Created a user with a policy reference -> OK
Created a user without a policy reference -> OK
Add a policy reference -> OK
Add a second policy reference -> OK
Removed the first policy reference -> OK
Removed the second policy reference -> OK (Object class is removed)

We discussed the error message in case a non-existing policy is referenced. I tested it with the old version and it throws an error as well -> No regression -> OK

YAML -> OK

There are a few failed Jenkins tests. I don't think they are caused by this, but I want to look at these a bit more before verifying this.

Jenkins looks good now :) -> Verified
<http://errata.software-univention.de/ucs/4.4/50.html>