Bug 50674 – Add AD Connector ignorefilter via UCR

Bug 50674 - Add AD Connector ignorefilter via UCR


Summary:	Add AD Connector ignorefilter via UCR

Status:	CLOSED FIXED

Product:	UCS
Classification:	Unclassified
Component:	AD Connector
Version:	UCS 4.4
Hardware:	Other Linux

Importance:	P5 enhancement (vote)
Target Milestone:	UCS 4.4-3-errata
Assigned To:	Julia Bremer
QA Contact:	Johannes Keiser

URL:
Keywords:

Depends on:
Blocks:	51693
	Show dependency tree / graph

Reported:	2019-12-30 15:04 CET by Stefan Gohmann
Modified:	2020-07-21 18:30 CEST (History)
CC List:	5 users (show)

See Also:
What kind of report is it?:	Feature Request
What type of bug is this?:	---
Who will be affected by this bug?:	---
How will those affected feel about the bug?:	---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:

Flags:	requate: Patch_Available+

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Stefan Gohmann

2019-12-30 15:04:08 CET

A UCR variable connector/ad/mapping/user/ignorefilter should be added which can be used to ignore a bulk of users.

In a customer package I have used the following patch:

@@ -189,6 +189,8 @@ ignore_filter = '(userAccountControl=2080)'
 for user in configRegistry.get('connector/ad/mapping/user/ignorelist', '').split(','):
     if user:
         ignore_filter += '(uid=%s)(CN=%s)' % (user, user)
+if configRegistry.get('connector/ad/mapping/user/ignorefilter', None):
+    ignore_filter += configRegistry.get('connector/ad/mapping/user/ignorefilter')
 if ignore_filter:
     print "         ignore_filter='(|%s)'," % ignore_filter
 @!@


So, I could set the UCR variable to (notSyncToAD=TRUE).

Comment 1 Philipp Hahn

2020-01-14 12:36:31 CET

escape_filter() missing

Comment 2 Julia Bremer

2020-01-24 09:01:10 CET

Successful build
Package: univention-ad-connector
Version: 13.0.0-25A~4.4.0.202001221850
Branch: ucs_4.4-0
Scope: errata4.4-3

877e6f856c Bug #50674: yaml
51b88e6763 Bug #50674: Add UCR-Variable to ignore bulks of users via LDAP-Filter

I added the UCR variable 'connector/ad/mapping/user/ignorefilter' .
I did not add filter escaping, because I think customers should be able to add more complex ldap-filters with this variable, as well as wildcards, which would be prevented by escaping its contents.

Comment 3 Johannes Keiser

2020-01-28 12:19:43 CET

52abbede9d Bug #50674: yaml
ff80ec116b Bug #50674: debian changelog
91c5dae043 Bug #50674: fix translation in UCR variable description
18265f6328 Bug #50674: Fix spelling
d227262877 Bug #50674: Add documentation
f8aa3857fc Bug #50674: try to generate a valid ldap filter

Successful build
Package: univention-ad-connector
Version: 13.0.0-27A~4.4.0.202001281145

OK: UCR variable description
OK: UCR variable is evaluated, the created filter is correct and matching users are ignored
OK: docs
OK: yaml
-> verified

Comment 4 Erik Damrose

2020-01-29 14:07:03 CET

<http://errata.software-univention.de/ucs/4.4/429.html>