Univention Bugzilla – Bug 49041
Cannot use wildcards in ignorelist because they get escaped in mapping.py
Last modified: 2021-03-02 21:16:12 CET
In a customer scenario there is the requirement that the AD-Connector doesn't synchronize any groups that start with some common prefix. Now you would gess that this can be done simply by setting a wildcard filter like: ucr set connector/s4/mapping/user/ignorelist="root,ucs-s4sync,gues*" But since Bug #11658 has been fixed, this is not possible any longer, becasue it results in this ingore list in hte mapping.py: ignore_filter='(|(uid=root)(CN=root)(uid=ucs-s4sync)(CN=ucs-s4sync)(uid=gues\\2a)(CN=gues\\2a))', IMHO we shouldn't escape the values of this variable. +++ This bug was initially created as a clone of Bug #11658 +++
If people want to ignore stuff like "group()group", it's their job to escape them properly (group\\28\\29group).
(In reply to Arvid Requate from comment #1) > If people want to ignore stuff like "group()group", it's their job to escape > them properly (group\\28\\29group). I disagree: Administrator should not know anything about escaping because it's an implementation detail. If we would use the UCR variable also for comparing values it would fail with an escaped values. Instead we should explicitly allow wildcards by not escaping them. A patch which does this is: diff --git services/univention-ad-connector/modules/univention/connector/ad/mapping.py services/univention-ad-connector/modules/univention/connector/ad/mapping.py index 120ae02917..a6e061474e 100644 --- services/univention-ad-connector/modules/univention/connector/ad/mapping.py +++ services/univention-ad-connector/modules/univention/connector/ad/mapping.py @@ -49,11 +49,11 @@ def ignore_filter_from_tmpl(template, ucr_key, default=''): >>> ignore_filter_from_tmpl('(cn={0!e})', ... 'connector/ad/mapping/nonexistend/ignorelist', - ... 'one,two,three') - '(|(cn=one)(cn=two)(cn=three))' + ... 'one,two,th(r)ee*') + '(|(cn=one)(cn=two)(cn=th\\28r\\29ee*))' """ variables = [v for v in configRegistry.get(ucr_key, default).split(',') if v] - filter_parts = [format_escaped(template, v) for v in variables] + filter_parts = [format_escaped(template, v).replace('\\2a', '*') for v in variables] if filter_parts: return '(|{})'.format(''.join(filter_parts)) return ''