First Last Prev Next    This bug is not in your last search results.
Bug 54150 - UDM does not support searching using 'userexpiry' property
UDM does not support searching using 'userexpiry' property
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: UDM (Generic)
UCS 5.0
Other Linux
: P5 normal (vote)
: UCS 5.0-1-errata
Assigned To: Florian Best
Christian Castens
https://git.knut.univention.de/univen...
:
: 54152 (view as bug list)
Depends on:
Blocks: 54152
  Show dependency treegraph
 
Reported: 2021-11-26 11:15 CET by Daniel Tröder
Modified: 2022-03-23 14:14 CET (History)
1 user (show)

See Also:
What kind of report is it?: Bug Report
What type of bug is this?: 3: Simply Wrong: The implementation doesn't match the docu
Who will be affected by this bug?: 2: Will only affect a few installed domains
How will those affected feel about the bug?: 2: A Pain – users won’t like this once they notice it
User Pain: 0.069
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Daniel Tröder univentionstaff 2021-11-26 11:15:53 CET 
Python-UDM and UDM-CLI support filters with both LDAP attributes and UDM properties.
Internally it maps UDM properties to LDAP attributes before executing the actual LDAP query.

When using the 'userexpiry' property that does not work.

--------------------------------------------------------------------------
root@m31:~# udm users/user list --filter uid=demo_staff | grep userexpiry
  userexpiry: 2021-11-25

root@m31:~# udm users/user list --filter userexpiry=2021-11-25
# no user is found

root@m31:~# python -c 'import time; print(int(time.mktime(time.strptime("2021-11-25", "%Y-%m-%d")) // 3600 // 24 + 1))'
18956

root@m31:~# udm users/user list --filter userexpiry=18956
# no user is found
--------------------------------------------------------------------------

It works however if the LDAP attribute is used with the int value:

--------------------------------------------------------------------------
root@m31:~# udm users/user list --filter shadowExpire=18956
# lists the user
--------------------------------------------------------------------------

Expected behavior is that the filter "userexpiry=2021-11-25" can be used with UDM (which will have to convert it to "shadowExpire=18956").
Comment 1 Florian Best univentionstaff 2021-12-13 13:11:50 CET 
Fixed in MR: https://git.knut.univention.de/univention/ucs/-/merge_requests/203
which transforms "userexpiry=2021-11-25" into "(|(shadowExpire=18956)(krb5ValidEnd=20211125000000Z)(sambaKickoffTime=1637794800))".
and "userexpiry=* into "(|(shadowExpire=*)(krb5ValidEnd=*)(sambaKickoffTime=*))".

A filter like "userexpiry=2021-*" is not required and too complicated to implement.
Comment 2 Florian Best univentionstaff 2022-03-10 12:33:48 CET 
A search for userexpiry=$date is now possible.

univention-directory-manager-modules.yaml
8042bdb5459f | Bug #54150: Merge branch 'fbest/54150-udm-users-user-filter-userexpiry' into 5.0-1
4d85e8a46634 | Bug #54150: allow "udm users/user list --filter userexpiry=2021-04-14"

univention-directory-manager-modules (15.0.11-34)
8042bdb5459f | Bug #54150: Merge branch 'fbest/54150-udm-users-user-filter-userexpiry' into 5.0-1
4d85e8a46634 | Bug #54150: allow "udm users/user list --filter userexpiry=2021-04-14"
Comment 3 Christian Castens univentionstaff 2022-03-10 13:28:54 CET 
Functionality tested:
-udm users/user list --filter userexpiry=2021-11-25  OK

code review OK
yaml, changelog OK
log files OK
Comment 4 Florian Best univentionstaff 2022-03-14 13:17:36 CET 
*** Bug 54152 has been marked as a duplicate of this bug. ***
First Last Prev Next    This bug is not in your last search results.