Bug 48302 – Import-HTTP-API permission check tests username case sensitive

Bug 48302 - Import-HTTP-API permission check tests username case sensitive


Summary:	Import-HTTP-API permission check tests username case sensitive

Status:	CLOSED WONTFIX

Product:	UCS@school
Classification:	Unclassified
Component:	HTTP-API (Kelvin)
Version:	UCS@school 4.3
Hardware:	Other Linux

Importance:	P5 normal (vote)
Target Milestone:	---
Assigned To:	UCS@school maintainers
QA Contact:

URL:
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2018-12-07 13:19 CET by Daniel Tröder
Modified:	2023-06-12 15:39 CEST (History)
CC List:	1 user (show)

See Also:
What kind of report is it?:	Bug Report
What type of bug is this?:	3: Simply Wrong: The implementation doesn't match the docu
Who will be affected by this bug?:	2: Will only affect a few installed domains
How will those affected feel about the bug?:	2: A Pain – users won’t like this once they notice it
User Pain:	0.069
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Daniel Tröder

2018-12-07 13:19:52 CET

The filter used for checking if a user has access to a resource is case sensitive, because the memberUid is used. This leads to ACCESS DENIED for e.g. "administrator", but not for "Administrator".

'(&(objectClass=ucsschoolImportGroup)(ucsschoolImportRole={role})(ucsschoolImportSchool={school})(memberUid=%s))'

Changing this to use the DN and uniqueMember would make the test case insensitive.

Comment 1 Jan-Luca Kiok

2023-06-12 15:32:07 CEST

This issue has been filed against UCS@school 4.3 or earlier.

UCS 4.3 is out of maintenance and UCS components have vastly changed in later releases. Thus, this issue is now being closed.

If this issue still occurs in newer UCS versions, please use "Clone this bug" or reopen this issue. In this case please provide detailed information on how this issue is affecting you.