Bug 51364 - Object class violation: invalid structural object class chain (univentionUserTemplate/inetOrgPerson)
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: UDM - Extended Attributes
Version: UCS 4.4
Hardware: Other Linux
Importance: P5 normal
Target Milestone: UCS 4.4-6-errata
Assigned To: Felix Botner
QA Contact: Florian Best
Depends on:
Blocks:
Reported: 2020-05-27 14:01 CEST by Florian Best
Modified: 2021-02-05 13:40 CET

See Also:
What kind of report is it?: Bug Report
What type of bug is this?: 3: Simply Wrong: The implementation doesn't match the docu
Who will be affected by this bug?: 1: Will affect a very few installed domains
How will those affected feel about the bug?: 2: A Pain – users won’t like this once they notice it
User Pain: 0.034
Enterprise Customer affected?: Yes
School Customer affected?:
ISV affected?:
Waiting Support: Yes
Flags outvoted (downgraded) after PO Review:
Ticket number: 2020041521000361
Bug group (optional):
Max CVSS v3 score:
best: Patch_Available+


Attachments
patch (git:fbest/51364-usertemplate-filter-out-inetorgperson) (5.37 KB, patch)
2020-05-27 14:01 CEST, Florian Best

Description Florian Best univentionstaff 2020-05-27 14:01:41 CEST
Created attachment 10372 [details]
patch (git:fbest/51364-usertemplate-filter-out-inetorgperson)

The creation of a settings/usertemplate fails if there are extended attributes for the object class inetOrgPerson.

udm settings/usertemplate create \
        --position "cn=templates,cn=univention,$ldap_base" \
        --set name="..."

→ LDAP Error: Object class violation: invalid structural object class chain (univentionUserTemplate/inetOrgPerson)

The extended attribute:

DN: cn=mail,cn=custom attributes,cn=univention,dc=base
  CLIName: mail
  copyable: 0
  default: <username>@example.com
  deleteObjectClass: 0
  disableUDMWeb: 0
  doNotSearch: 0
  fullWidth: 0
  groupName: User account
  groupPosition: 11
  hook: MailUsertemplate
  ldapMapping: mail
  longDescription: Mail Attribut
  mayChange: 1
  module: users/user
  module: settings/usertemplate
  multivalue: 0
  name: mail
  notEditable: 0
  objectClass: inetOrgPerson
  overwritePosition: None
  overwriteTab: 0
  shortDescription: Mail Attribut
  syntax: String
  tabAdvanced: 0
  tabName: General
  tabPosition: 11
  translationGroupName: de_DE: Benutzerkonto
  translationLongDescription: de_DE: mail attribut
  translationShortDescription: de_DE: mail attribut
  translationTabName: de_DE: Allgemein
  valueRequired: 0
  version: 2

univentionUserTemplate already provides all inetOrgPerson attributes, so we should filter out this object class in the addlist/modlist.
Attached patch does this.
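
Added example, not the attached patch and not Univention's code: a small model of the directory server's structural object class chain check, with the object class filtering the description proposes applied to an addlist. The mini-schema, the addlist, and the function names are constructed for illustration; that univentionUserTemplate derives directly from top is an assumption.

```python
# Constructed mini-schema: name -> (kind, superior class).
# The person -> organizationalPerson -> inetOrgPerson chain follows RFC 4519/2798.
# univentionUserTemplate deriving directly from top is an assumption of this example.
SCHEMA = {
    "top": ("ABSTRACT", None),
    "person": ("STRUCTURAL", "top"),
    "organizationalperson": ("STRUCTURAL", "person"),
    "inetorgperson": ("STRUCTURAL", "organizationalperson"),
    "univentionusertemplate": ("STRUCTURAL", "top"),
}

def superiors(oc):
    """Return oc and every superior class, most specific first."""
    chain, oc = [], oc.lower()
    while oc is not None:
        chain.append(oc)
        oc = SCHEMA[oc][1]
    return chain

def chain_violation(object_classes):
    """Return the first pair of structural classes not on one superior chain, else None."""
    structural = [oc for oc in object_classes if SCHEMA[oc.lower()][0] == "STRUCTURAL"]
    for i, a in enumerate(structural):
        for b in structural[i + 1:]:
            if a.lower() not in superiors(b) and b.lower() not in superiors(a):
                return (a, b)
    return None

def filter_object_classes(addlist, unwanted=("inetOrgPerson",)):
    """Drop unwanted objectClass values from an addlist; other attributes pass through."""
    drop = {oc.lower() for oc in unwanted}
    out = []
    for attr, values in addlist:
        if attr.lower() == "objectclass":
            values = [v for v in values if v.lower() not in drop]
        out.append((attr, values))
    return out

def object_classes(addlist):
    """Collect all objectClass values from an addlist."""
    return [v for attr, values in addlist if attr.lower() == "objectclass" for v in values]

# Constructed addlist for a settings/usertemplate object after the extended
# attribute from the report has contributed its objectClass and ldapMapping.
ADDLIST = [
    ("objectClass", ["top", "univentionUserTemplate", "inetOrgPerson"]),
    ("cn", ["template1"]),
    ("mail", ["<username>@example.com"]),
]
```

The unfiltered addlist yields the pair named in the LDAP error; after filtering, the mail value is still written and relies on univentionUserTemplate permitting that attribute, as the description states.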
Comment 1 Ingo Steuwer univentionstaff 2020-05-27 15:19:54 CEST
IMHO actually the definition of the extended attribute is wrong. Isn't a better workaround to remove "module: settings/usertemplate" and define a correct extended attribute for the user template?

Who created the extended attribute, a product package?
Comment 2 Florian Best univentionstaff 2020-05-27 15:23:15 CEST
(In reply to Ingo Steuwer from comment #1)
> IMHO actually the definition of the extended attribute is wrong. Isn't a
> better workaround to remove "module: settings/usertemplate" and define a
> correct extended attribute for the user template?
No, all extended attributes for users/user automatically get applied to settings/usertemplate as well.
And even if not, this could be desired behavior to add attributes from inetOrgPerson to settings/usertemplate.

> Who created the extended attribute, a product package?
The customer installed it.
Comment 3 Ingo Steuwer univentionstaff 2020-05-27 15:37:24 CEST
(In reply to Florian Best from comment #2)
> (In reply to Ingo Steuwer from comment #1)
> > IMHO actually the definition of the extended attribute is wrong. Isn't a
> > better workaround to remove "module: settings/usertemplate" and define a
> > correct extended attribute for the user template?
> No, all extended attributes for users/user automatically get applied to
> settings/usertemplate as well.
> And even if not, this could be desired behavior to add attributes from
> inetOrgPerson to settings/usertemplate.

OK, I reproduced it. In the cases in the past it wasn't intended to have these attributes for a usertemplate.

So yes, this is a bug.
Comment 5 Felix Botner univentionstaff 2020-10-06 10:26:30 CEST
merged patch by florian

6acf208dcf8d91d4d1f30f5b1768eb5538adc4ab - univention-directory-manager-modules
36ea1541d4ae829fd8e2500cfb6108b8e97ddd72

41505e3140716d504d04212fdf855e64e74211f9 - yaml

Successful build
Package: univention-directory-manager-modules
Version: 14.0.16-4A~4.4.0.202010061020
Branch: ucs_4.4-0
Scope: errata4.4-6
Comment 6 Felix Botner univentionstaff 2020-10-06 10:39:39 CEST
Merge request https://git.knut.univention.de/univention/ucs/-/merge_requests/11
Comment 7 Florian Best univentionstaff 2020-10-08 12:57:51 CEST
OK: code change
OK: UCS 5 merge request
~OK: YAML (contained typo like "LADP", I made the description more human readable: git:113a750ae95b68a73c94787f199aef6ebeb76490)
Comment 9 Christian Castens univentionstaff 2020-10-16 12:45:06 CEST
Added test for ObjectClass filtering.

commits:
2d15780a703e7cb5bf9919426a7e01daabe2c24b (test)
e0231a68d6bd39755c9392fb59393d61e9aac77d (changelog)

Package: ucs-test
Version: 9.0.5-14A~4.4.0.202010160913
Branch: ucs_4.4-0
Scope: errata4.4-6



5.0-0 merge request:
commit:
52365d3728dc47b7b8ac73016f0c10920b10c2f6 (test + changelog)

https://git.knut.univention.de/univention/ucs/-/merge_requests/18
Comment 10 Christian Castens univentionstaff 2020-10-16 13:42:45 CEST
Package: ucs-test
Version: 9.0.5-15A~4.4.0.202010161317
Branch: ucs_4.4-0
Scope: errata4.4-6

test revision:
commits 4.4-6:
2958b37232d9486e2dbac38ee05c23637766f02f (changelog version bump)
b6bacce65a43441368d9e303a35a80e2c383870e (test fix)
Comment 11 Christian Castens univentionstaff 2021-02-05 13:40:30 CET
I corrected the double entry "module" in the extended attribute dictionary the test works with (can be seen in one of the previous comments). It now uses a list of modules instead of a double entry.


4.4-7:
1aae45ec839fe4481f4d2bbd29a12ef1c483e4c6 (test fix)


5.0-0:
060b039c28fdbb8717a22115c45038a551a446a6 (test fix)