First Last Prev Next    This bug is not in your last search results.
Bug 48047 - Regression: Extended attributes on users/self not savable
Regression: Extended attributes on users/self not savable
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: UDM (Generic)
UCS 4.3
Other Linux
: P5 normal (vote)
: UCS 4.3-2-errata
Assigned To: UMC maintainers
Ole Schwiegert
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2018-10-23 13:05 CEST by Johannes Keiser
Modified: 2018-12-05 14:39 CET (History)
4 users (show)

See Also:
What kind of report is it?: Bug Report
What type of bug is this?: 5: Major Usability: Impairs usability in key scenarios
Who will be affected by this bug?: 1: Will affect a very few installed domains
How will those affected feel about the bug?: 3: A User would likely not purchase the product
User Pain: 0.086
Enterprise Customer affected?: Yes
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number: 2018101721000761
Bug group (optional):
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Johannes Keiser univentionstaff 2018-10-23 13:05:34 CEST 
Following this cool solution (https://wiki.univention.de/index.php/Cool_Solution_-_User_Self-Service_with_extended_Attributes) a user can edit properties of his own user account via UMC.

Bug 46529 fixed that properties that have a default value but were previously empty would by ignored when saving (and therefore the default value not getting set)

Due to bug 46529 being fixed, an attempt is now made to save these empty properties with default values but since they are not present on the users/self
module this error is raised:
raise UMC_OptionMissing(_('Property %s not found') % property_name)
Comment 1 Johannes Keiser univentionstaff 2018-11-19 18:27:21 CET 
d99eccb798 Bug #48047: ignore default values for props not in the form
f2b1ace7e6 Bug #48047: properly reload object when saving in users/self module
193b04fe7d Bug #48047: Debian changelog
70751e73c0 Bug #48047: YAML - add entry
2e3ca3e4c8 Bug #48047: Merge branch 'jkeiser/4.3-2/48047/users_self_default_values' into 4.3-2
dece9180a5 Bug #48047: YAML - update version

Successful build
Package: univention-management-console-module-udm
Version: 8.0.5-25A~4.3.0.201811191824
Comment 2 Ole Schwiegert univentionstaff 2018-11-20 09:40:10 CET 
After following the cool solution and upgrading to the latest packages from the testing Repo I got these results from using the self service as Administrator or my test user:

With Administrator

20.11.18 09:13:34.399  DEBUG_INIT
20.11.18 09:13:35.759  MODULE      ( PROCESS ) : Loading python module.
20.11.18 09:13:36.340  MODULE      ( PROCESS ) : Imported python module.
20.11.18 09:13:36.345  MODULE      ( PROCESS ) : Module instance created.
20.11.18 09:13:36.352  MODULE      ( PROCESS ) : Module socket initialized.
20.11.18 09:13:36.404  MODULE      ( PROCESS ) : Setting user LDAP DN 'uid=Administrator,cn=users,dc=realm2,dc=intranet'
20.11.18 09:13:36.404  MODULE      ( PROCESS ) : Setting auth type to None
20.11.18 09:13:36.405  MODULE      ( PROCESS ) : Initializing module.
20.11.18 09:13:36.431  MAIN        ( PROCESS ) : LDAP bind for user 'uid=Administrator,cn=users,dc=realm2,dc=intranet'.
20.11.18 09:13:40.566  MODULE      ( ERROR   ) : Identified module policies/admin_user for cn=default-admins,cn=admin-settings,cn=users,cn=policies,dc=realm2,dc=intranet (flavor=None) does not have a relating UDM module.
20.11.18 09:13:59.365  MODULE      ( PROCESS ) : Property homeSharePath not found

With test user: 

20.11.18 09:14:50.503  DEBUG_INIT
20.11.18 09:14:51.379  MODULE      ( PROCESS ) : Loading python module.
20.11.18 09:14:51.620  MODULE      ( PROCESS ) : Imported python module.
20.11.18 09:14:51.620  MODULE      ( PROCESS ) : Module instance created.
20.11.18 09:14:51.620  MODULE      ( PROCESS ) : Module socket initialized.
20.11.18 09:14:51.623  MODULE      ( PROCESS ) : Setting user LDAP DN 'uid=mm,cn=users,dc=realm2,dc=intranet'
20.11.18 09:14:51.623  MODULE      ( PROCESS ) : Setting auth type to None
20.11.18 09:14:51.623  MODULE      ( PROCESS ) : Initializing module.
20.11.18 09:14:51.701  MAIN        ( PROCESS ) : LDAP bind for user 'uid=mm,cn=users,dc=realm2,dc=intranet'.
20.11.18 09:14:55.725  MODULE      ( WARN    ) : Failed to modify LDAP object uid=mm,cn=users,dc=realm2,dc=intranet: permissionDenied: 

To avoid any problems in that regard I restarted all services and even tried a reboot of the machine.
The ACL code from the cool solution is in the slapd.conf and the test user is part of the group Domain Users, which has the UMC policy default-umc-users which contains the operation set udm-self. I also tried to give the test user the umc policy udm-self directly. No change.
The test user had the error described in this ticket (property disabled not found) before upgrading to test packages.
Comment 3 Ole Schwiegert univentionstaff 2018-11-20 09:55:09 CET 
I have a snapshot of that state if needed.
Comment 4 Daniel Tröder univentionstaff 2018-11-20 10:03:43 CET 
"Property .+ not found" is from:
-----------------
def validate(self, request):
  for property_name, value in request.options.get('properties').items():
    property_obj = module.get_property(property_name)
    if property_obj is None:
      raise UMC_OptionMissing(_('Property %s not found') % property_name)
-----------------
def get_property(self, property_name):
  return getattr(self.module, 'property_descriptions', {}).get(property_name, None)
-----------------

But in handlers/users/self.py:

-----------------
property_descriptions = {}
-----------------

So this can never work.
Comment 5 Johannes Keiser univentionstaff 2018-11-22 07:56:58 CET 
(In reply to Ole Schwiegert from comment #2)
> After following the cool solution and upgrading to the latest packages from
> the testing Repo I got these results from using the self service as
> Administrator or my test user:
> 
> With Administrator
> 
> 20.11.18 09:13:34.399  DEBUG_INIT
> 20.11.18 09:13:35.759  MODULE      ( PROCESS ) : Loading python module.
> 20.11.18 09:13:36.340  MODULE      ( PROCESS ) : Imported python module.
> 20.11.18 09:13:36.345  MODULE      ( PROCESS ) : Module instance created.
> 20.11.18 09:13:36.352  MODULE      ( PROCESS ) : Module socket initialized.
> 20.11.18 09:13:36.404  MODULE      ( PROCESS ) : Setting user LDAP DN
> 'uid=Administrator,cn=users,dc=realm2,dc=intranet'
> 20.11.18 09:13:36.404  MODULE      ( PROCESS ) : Setting auth type to None
> 20.11.18 09:13:36.405  MODULE      ( PROCESS ) : Initializing module.
> 20.11.18 09:13:36.431  MAIN        ( PROCESS ) : LDAP bind for user
> 'uid=Administrator,cn=users,dc=realm2,dc=intranet'.
> 20.11.18 09:13:40.566  MODULE      ( ERROR   ) : Identified module
> policies/admin_user for
> cn=default-admins,cn=admin-settings,cn=users,cn=policies,dc=realm2,
> dc=intranet (flavor=None) does not have a relating UDM module.
> 20.11.18 09:13:59.365  MODULE      ( PROCESS ) : Property homeSharePath not
> found

As discussed this was a caching problem


> With test user: 
> 
> 20.11.18 09:14:50.503  DEBUG_INIT
> 20.11.18 09:14:51.379  MODULE      ( PROCESS ) : Loading python module.
> 20.11.18 09:14:51.620  MODULE      ( PROCESS ) : Imported python module.
> 20.11.18 09:14:51.620  MODULE      ( PROCESS ) : Module instance created.
> 20.11.18 09:14:51.620  MODULE      ( PROCESS ) : Module socket initialized.
> 20.11.18 09:14:51.623  MODULE      ( PROCESS ) : Setting user LDAP DN
> 'uid=mm,cn=users,dc=realm2,dc=intranet'
> 20.11.18 09:14:51.623  MODULE      ( PROCESS ) : Setting auth type to None
> 20.11.18 09:14:51.623  MODULE      ( PROCESS ) : Initializing module.
> 20.11.18 09:14:51.701  MAIN        ( PROCESS ) : LDAP bind for user
> 'uid=mm,cn=users,dc=realm2,dc=intranet'.
> 20.11.18 09:14:55.725  MODULE      ( WARN    ) : Failed to modify LDAP
> object uid=mm,cn=users,dc=realm2,dc=intranet: permissionDenied: 
> 
I don't think that the ACL part of the article not working is part of this Bug
Comment 6 Ole Schwiegert univentionstaff 2018-11-22 09:02:57 CET 
Agreed.

Changelog & Advisories: OK
After installing the testing packages the users/self module no longer tries to save values that are not in the form: OK

The ACL problem should be addressed separately.
Comment 7 Arvid Requate univentionstaff 2018-12-05 14:39:23 CET 
<http://errata.software-univention.de/ucs/4.3/351.html>
First Last Prev Next    This bug is not in your last search results.