Univention Bugzilla – Bug 53422
UMC ACL processing fails if group contains invalid user DN
Last modified: 2021-06-08 16:54:13 CEST
Steps to reproduce:
- add a valid "User A" to "Domain Admins"
- add a non-existing DN as user to "Domain Admins"
- Log in to UMC as "User A"

You'll have an empty UMC; it seems like the ACL processing fails due to the invalid user DN. It can be fixed by removing the non-existing DN on the command line.
Can you provide univention-management-console-server.log ?
(In reply to Florian Best from comment #1)
> Can you provide univention-management-console-server.log ?

Nothing special, this is a session which failed (I replaced the customer DN):

08.06.21 11:20:03.097 MODULE ( PROCESS ) : Setting auth type to u'SAML'
08.06.21 11:20:03.778 MODULE ( PROCESS ) : Setting auth type to u'SAML'
08.06.21 11:20:04.484 MODULE ( PROCESS ) : Setting auth type to u'SAML'
08.06.21 11:20:05.741 MAIN ( PROCESS ) : LDAP bind for user '<DN>'.
08.06.21 11:20:06.016 MAIN ( WARN ) : SAML binddn does not match: '<lower case DN>' != '<DN>'

Actually there should be a second session for a different user, but I don't see any log entry for that.
I can't reproduce this in UCS 5.0:

udm users/user create --set username=testA --set password=univention --set lastname=foo --append groups='cn=Domain Admins,cn=groups,l=school,l=dev' --position cn=users,l=school,l=dev

and copied uniqueMember,memberUid in "cn=Domain Admins" changing testA→testB.
After UMC login with testA everything in UMC works.