Bug 47203 – [4.3] school-import needs read-only cn=admin connection

Bug 47203 - [4.3] school-import needs read-only cn=admin connection


Summary:	[4.3] school-import needs read-only cn=admin connection

Status:	CLOSED FIXED

Product:	UCS@school
Classification:	Unclassified
Component:	Import scripts
Version:	UCS@school 4.2
Hardware:	Other Linux

Importance:	P5 normal (vote)
Target Milestone:	UCS@school 4.3 v5
Assigned To:	Daniel Tröder
QA Contact:	Jürn Brodersen

URL:
Keywords:

Depends on:
Blocks:	47204 47381
	Show dependency tree / graph

Reported:	2018-06-18 13:17 CEST by Daniel Tröder
Modified:	2018-09-11 11:34 CEST (History)
CC List:	2 users (show)

See Also:
What kind of report is it?:	Bug Report
What type of bug is this?:	2: Improvement: Would be a product improvement
Who will be affected by this bug?:	2: Will only affect a few installed domains
How will those affected feel about the bug?:	2: A Pain – users won’t like this once they notice it
User Pain:	0.046
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Daniel Tröder

2018-06-18 13:17:09 CEST

The UCS@school import should use a read-only cn=admin connection (instead of a machine connection) for the dry-run and wherever a write-connection is not required.

To use a cn=admin connection is important, because otherwise the LDAP ACLs would create a massive slow down.

Comment 1 Daniel Tröder

2018-06-18 16:40:20 CEST

A wrapper-class for the LDAP connection object (class "uldap.access") prevents the usage of the methods 'add', 'modify', 'rename' and 'delete'.

Code has been commited to git branch dtroeder/45715_4.3_checks_in_dry-run, to fix a commit there (852bad00).

[dtroeder/45715_4.3_checks_in_dry-run] f6d61341b Bug #47203: add read-only LDAP connection support
[dtroeder/45715_4.3_checks_in_dry-run] 22a07bfba Bug #47203: use read-only LDAP connection during dry-runs and in CSV reader

Comment 2 Daniel Tröder

2018-07-30 17:30:43 CEST

Code was merged to 4.3 and built.

[4.3] 476880c71 Bug #45715 Bug #47203: Merge branch 'dtroeder/45715_4.3_checks_in_dry-run' into 4.3
[4.3] 87b3e8cb3 Bug #45715 Bug #47203: changelog
[4.3] 96b537756 Bug #45715 Bug #47203: advisory

ucs-school-import (16.0.2-29)

Comment 3 Jürn Brodersen

2018-08-07 13:35:40 CEST

Import tested for bug 46712.

Import works -> OK
YAML -> OK

-> Verified

Comment 4 Sönke Schwardt-Krummrich

2018-09-11 11:34:16 CEST

UCS@school 4.3 v5 has been released.

https://docs.software-univention.de/changelog-ucsschool-4.3v5-de.html

If this error occurs again, please clone this bug.