Univention Bugzilla – Bug 47218
Nested groups don't work to grant permissions to use HTTP-API userimport
Last modified: 2023-06-12 15:39:48 CEST
The UCS@school HTTP-API import requires that a user is a member of a permission group (e.g. $OU-import-all) to be able to use the import. This only works if the user is directly a member of this group: > root@ucs01:~# univention-ldapsearch -LLLo ldif-wrap=no cn=gym123-import* uniqueMember > dn: cn=gym123-import-all,cn=groups,ou=gym123,dc=schulen,dc=example,dc=org > uniqueMember: uid=testuser,cn=mitarbeiter,cn=users,ou=gym123,dc=schulen,dc=example,dc=org Nested groups do not work: > root@ucs01:~# univention-ldapsearch -LLLo ldif-wrap=no cn=gym123-import* uniqueMember > dn: cn=gym123-import-all,cn=groups,ou=gym123,dc=schulen,dc=example,dc=org > uniqueMember: cn=staff-group-for-imports,cn=groups,dc=schulen,dc=example,dc=org > root@ucs01:~# univention-ldapsearch -LLLo ldif-wrap=no cn=staff-group-for-imports,cn=groups uniqueMember > dn: cn=staff-group-for-imports,cn=groups,cn=groups,ou=gym123,dc=schulen,dc=example,dc=org > uniqueMember: uid=testuser,cn=mitarbeiter,cn=users,ou=gym123,dc=schulen,dc=example,dc=org
This issue has been filed against UCS@school 4.3 or earlier. UCS 4.3 is out of maintenance and UCS components have vastly changed in later releases. Thus, this issue is now being closed. If this issue still occurs in newer UCS versions, please use "Clone this bug" or reopen this issue. In this case please provide detailed information on how this issue is affecting you.