Univention Bugzilla – Bug 52918
Validation does not test actual group membership
Last modified: 2021-03-16 11:06:23 CET
When I set the UCRV for the group prefix and open an existing user I should get a validation error. It does however not happen. The groups returned by *.get_specific_groups() are calculated DNs, not the ones the user actually is a member of (UDM property "groups"). ---------------------------------------------------------------- $ ucr set ucsschool/ldap/default/groupprefix/pupils=foo $ python [..] st = Student.get_all(lo, "DEMOSCHOOL")[0] st.get_specific_groups(lo) ['cn=Domain Users DEMOSCHOOL,cn=groups,ou=DEMOSCHOOL,dc=uni,dc=dtr', 'cn=DEMOSCHOOL-Democlass,cn=klassen,cn=schueler,cn=groups,ou=DEMOSCHOOL,dc=uni,dc=dtr', 'cn=fooDEMOSCHOOL,cn=groups,ou=DEMOSCHOOL,dc=uni,dc=dtr'] st.get_udm_object(lo)["groups"] ['cn=schueler-demoschool,cn=groups,ou=DEMOSCHOOL,dc=uni,dc=dtr', 'cn=Domain Users DEMOSCHOOL,cn=groups,ou=DEMOSCHOOL,dc=uni,dc=dtr', 'cn=DEMOSCHOOL-Democlass,cn=klassen,cn=schueler,cn=groups,ou=DEMOSCHOOL,dc=uni,dc=dtr'] ---------------------------------------------------------------- The validation should check the actual group membership.
My mistake. After installing the ucs-school-lib package from git, I didn't run "update-python-modules -f" and thus the old code was used.