Bug 50474 - 'CR/LF' in CN breaks Replication
'CR/LF' in CN breaks Replication
Status: NEW
Product: UCS
Classification: Unclassified
Component: Listener (univention-directory-listener)
UCS 4.4
Other Linux
: P5 normal (vote)
: ---
Assigned To: UCS maintainers
UCS maintainers
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2019-11-08 12:42 CET by Nico Stöckigt
Modified: 2019-12-03 08:24 CET (History)
4 users (show)

See Also:
What kind of report is it?: Bug Report
What type of bug is this?: 5: Major Usability: Impairs usability in key scenarios
Who will be affected by this bug?: 1: Will affect a very few installed domains
How will those affected feel about the bug?: 5: Blocking further progress on the daily work
User Pain: 0.143
Enterprise Customer affected?: Yes
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted after Product Owner Review:
Ticket number: 2019110821000613
Bug group (optional): Security
Max CVSS v3 score:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Nico Stöckigt univentionstaff 2019-11-08 12:42:45 CET
Environment: UCS 4.4-2 e333 with ad-connector

A 'CR/LF' in the 'CN' of an Object causes the Listener/Notifier-Replication to stall due to an invalid Translog/Transaction entry. The ad-connector should reject such values.
Comment 1 Ingo Steuwer univentionstaff 2019-11-18 16:02:26 CET
As linebreak characters follow the LDAP standards the replication has to support them. This needs to be fixed in listener/notifier.
Comment 2 Florian Best univentionstaff 2019-12-02 17:23:50 CET
This probably only happens for objects where the CN is part of the DN?
So a newline-carriagereturn in the DN causes the error?
Comment 4 Sven Anders 2019-12-03 08:24:59 CET
Yes it was in the dn. In Our Case, it was an Object in

cn=temporary,cn=univention,dc=domain,dc=de

Sorry I do not rember which one. And we did not notice it in our ticket.