Bug 54103 - UDM does not allow @ character in group name, but Active Directory does
Status: NEW
Product: UCS
Classification: Unclassified
Component: UDM (Generic)
UCS 5.0
Other Linux
P5 normal
Assigned To: UMC maintainers
Reported: 2021-11-19 12:54 CET by Arvid Requate
Modified: 2021-11-22 10:31 CET

See Also:
What kind of report is it?: Bug Report
What type of bug is this?: 3: Simply Wrong: The implementation doesn't match the docu
Who will be affected by this bug?: 1: Will affect a very few installed domains
How will those affected feel about the bug?: 3: A User would likely not purchase the product
User Pain: 0.051
Enterprise Customer affected?: Yes
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number: 2021111321000073
Bug group (optional):
Max CVSS v3 score:


Description Arvid Requate univentionstaff 2021-11-19 12:54:05 CET
In Ticket#2021111321000073 we saw a reject in the AD-Connector log, where a group with RDN CN=Somename@example.org could not be synchronized to UDM/OpenLDAP.

16.11.2021 03:32:51.315 LDAP        (PROCESS): sync to ucs:   [         group] [       add] cn=Somename@example.org,cn=users,dc=example,dc=org
16.11.2021 03:32:51.317 LDAP        (ERROR  ): InvalidSyntax: Name: A group name must start and end with a letter, number or underscore. In between additionally spaces, dashes and dots are allowed. (cn=Somename@example.org,cn=users,dc=example,dc=org)

The AD object has sAMAccountName: Somename@example.org, so I think that UDM syntax should also allow this.
Comment 1 Arvid Requate univentionstaff 2021-11-19 12:55:16 CET
I guess as a workaround one could

ucr set directory/manager/web/modules/groups/group/properties/name/syntax=string

but that disables all syntax checks, so that's not really optimal.
Comment 2 Daniel Tröder univentionstaff 2021-11-22 08:50:01 CET
Careful: in our Dovecot/Postfix integration we assume that we can distinguish usernames and email addresses, because usernames do not contain an @.
At least we did once - not sure that is still the case, but please don't simply change this without consulting the mail team.
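
A pre-flight check for the reject shown in the log, as an added example that is not part of the bug report and not Univention's code: it predicts which AD group names the current rule refuses, and which of those are blocked only by the "@" that comment 2 warns about. Both patterns are assumptions: the strict one is reconstructed from the wording of the InvalidSyntax message, and the relaxed one is a hypothetical rule.

```python
import re

# Assumption: reconstructed from the wording of the InvalidSyntax message in
# the AD-Connector log; this is not the pattern from the UDM source.
STRICT = re.compile(r"\w(?:[\w .-]*\w)?")
# Hypothetical relaxed rule that additionally admits "@" between the first
# and last character, which is what the report asks for.
RELAXED = re.compile(r"\w(?:[\w .@-]*\w)?")


def classify(name: str) -> str:
    """Predict how a group name coming from AD fares under each rule."""
    # fullmatch() avoids the trailing-newline acceptance that "$" allows.
    if STRICT.fullmatch(name):
        return "accepted"
    if RELAXED.fullmatch(name):
        # Only the "@" blocks the sync. Under the relaxed rule the name would
        # pass, but any consumer that treats "contains @" as "is a mail
        # address" (the concern in comment 2) can no longer tell them apart.
        return "rejected-at-sign"
    return "rejected-other"


def audit(names):
    """Return {name: classification} for a list of sAMAccountName values."""
    return {n: classify(n) for n in names}


# Constructed sample input; only the first name is taken from the report.
SAMPLE = [
    "Somename@example.org",
    "Domain Admins",
    "ops.team_1",
    "-leading-dash",
    "trailing.",
]

if __name__ == "__main__":
    for name, verdict in audit(SAMPLE).items():
        print(f"{verdict:18} {name!r}")
```

Names reported as rejected-at-sign are the ones to raise with the mail team before any syntax change.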