Bug 51693 – connector/ad/mapping/user/ignorelist doesn't support wildcard patterns

Bug 51693 - connector/ad/mapping/user/ignorelist doesn't support wildcard patterns


Summary:	connector/ad/mapping/user/ignorelist doesn't support wildcard patterns

Status:	NEW

Product:	UCS
Classification:	Unclassified
Component:	AD Connector
Version:	UCS 4.4
Hardware:	Other Linux

Importance:	P5 enhancement (vote)
Target Milestone:	---
Assigned To:	Samba maintainers
QA Contact:	Samba maintainers

URL:
Keywords:

Depends on:	50674
Blocks:
	Show dependency tree / graph

Reported:	2020-07-21 18:30 CEST by Arvid Requate
Modified:	2020-07-22 11:09 CEST (History)
CC List:	7 users (show)

See Also:
What kind of report is it?:	Feature Request
What type of bug is this?:	---
Who will be affected by this bug?:	---
How will those affected feel about the bug?:	---
User Pain:
Enterprise Customer affected?:
School Customer affected?:	Yes
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:	2020071621000514
Bug group (optional):
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Arvid Requate

2020-07-21 18:30:07 CEST

ucr set connector/ad/mapping/user/ignorelist=\
"Administrator,krbtgt,root,pcpatch,schoolopsiadmin-*"

leads to

ignore_filter='(|(userAccountControl=2080)(|(uid=Administrator)(CN=Administrator)(uid=krbtgt)(CN=krbtgt)(uid=root)(CN=root)(uid=pcpatch)(CN=pcpatch)(uid=schoolopsiadmin-\\2a)(CN=schoolopsiadmin-\\2a)))'

in /etc/univention/connector/ad/mapping.py. The value from UCR should not be escaped.


root@master:~/univention-support# univention-app info
UCS: 4.4-3 errata413
Installed: adconnector=12.0 nagios=4.3 samba4=4.10 ucsschool=4.4 v4