Bug 47218 - Nested groups don't work to grant permissions to use HTTP-API userimport
Status: CLOSED WONTFIX
Product: UCS@school
Classification: Unclassified
Component: HTTP-API (Kelvin)
Version: UCS@school 4.3
Importance: P5 normal
Assigned To: UCS@school maintainers
Reported: 2018-06-20 13:20 CEST by Michael Grandjean
Modified: 2023-06-12 15:39 CEST (History)
What kind of report is it?: Bug Report
What type of bug is this?: 2: Improvement: Would be a product improvement
Who will be affected by this bug?: 2: Will only affect a few installed domains
How will those affected feel about the bug?: 2: A Pain – users won’t like this once they notice it
User Pain: 0.046
School Customer affected?: Yes
Description Michael Grandjean univentionstaff 2018-06-20 13:20:27 CEST
The UCS@school HTTP-API import requires that a user is a member of a permission group (e.g. $OU-import-all) to be able to use the import. This only works if the user is directly a member of this group:

> root@ucs01:~# univention-ldapsearch -LLLo ldif-wrap=no cn=gym123-import* uniqueMember
> dn: cn=gym123-import-all,cn=groups,ou=gym123,dc=schulen,dc=example,dc=org
> uniqueMember: uid=testuser,cn=mitarbeiter,cn=users,ou=gym123,dc=schulen,dc=example,dc=org

Nested groups do not work:

> root@ucs01:~# univention-ldapsearch -LLLo ldif-wrap=no cn=gym123-import* uniqueMember
> dn: cn=gym123-import-all,cn=groups,ou=gym123,dc=schulen,dc=example,dc=org
> uniqueMember: cn=staff-group-for-imports,cn=groups,dc=schulen,dc=example,dc=org

> root@ucs01:~# univention-ldapsearch -LLLo ldif-wrap=no cn=staff-group-for-imports,cn=groups uniqueMember
> dn: cn=staff-group-for-imports,cn=groups,cn=groups,ou=gym123,dc=schulen,dc=example,dc=org
> uniqueMember: uid=testuser,cn=mitarbeiter,cn=users,ou=gym123,dc=schulen,dc=example,dc=org
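
Added example, not part of the original report and not UCS@school code: one way to evaluate the permission check transitively over `uniqueMember`, with cycle detection and a depth cap so a misconfigured group graph fails closed. The directory below is constructed from the LDIF above (the back-reference is added to exercise the cycle case); the function names and the `max_depth` parameter are assumptions.

```python
from collections import deque

# Constructed sample data modelled on the LDIF in the report (not a live LDAP query).
IMPORT_GROUP = "cn=gym123-import-all,cn=groups,ou=gym123,dc=schulen,dc=example,dc=org"
STAFF_GROUP = "cn=staff-group-for-imports,cn=groups,dc=schulen,dc=example,dc=org"
TESTUSER = "uid=testuser,cn=mitarbeiter,cn=users,ou=gym123,dc=schulen,dc=example,dc=org"
DIRECTORY = {
    IMPORT_GROUP: [STAFF_GROUP],
    STAFF_GROUP: [TESTUSER, IMPORT_GROUP],  # constructed back-reference: a cycle
}


def _norm(dn):
    # Simplified DN comparison: case-insensitive, whitespace around commas
    # ignored. Assumes no escaped commas inside RDN values.
    return ",".join(part.strip() for part in dn.lower().split(","))


def build_index(directory):
    """Map each normalized group DN to its set of normalized uniqueMember DNs."""
    return {_norm(dn): {_norm(m) for m in members} for dn, members in directory.items()}


def is_direct_member(user_dn, group_dn, index):
    """The behaviour described in the report: only direct members match."""
    return _norm(user_dn) in index.get(_norm(group_dn), set())


def is_nested_member(user_dn, group_dn, index, max_depth=5):
    """Breadth-first walk through nested groups, at most max_depth levels deep."""
    user, start = _norm(user_dn), _norm(group_dn)
    seen = {start}                      # guards against membership cycles
    queue = deque([(start, 0)])
    while queue:
        group, depth = queue.popleft()
        members = index.get(group, set())
        if user in members:
            return True
        if depth >= max_depth:
            continue                    # fail closed: do not expand deeper
        for member in members:
            if member in index and member not in seen:
                seen.add(member)
                queue.append((member, depth + 1))
    return False


INDEX = build_index(DIRECTORY)
```
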
Comment 2 Jan-Luca Kiok univentionstaff 2023-06-12 15:32:10 CEST
This issue has been filed against UCS@school 4.3 or earlier.

UCS 4.3 is out of maintenance and UCS components have vastly changed in later releases. Thus, this issue is now being closed.

If this issue still occurs in newer UCS versions, please use "Clone this bug" or reopen this issue. In this case please provide detailed information on how this issue is affecting you.