Bug 54297 - memberUid is missing after updating group users with the same uid
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: UDM (Generic)
Version: UCS 4.4
Hardware: Other Linux
Importance: P5 normal
Target Milestone: UCS 5.0-1-errata
Assigned To: Ildefonso González Sánchez
QA Contact: Julia Bremer
URL: https://git.knut.univention.de/univen...
Depends on:
Blocks: 54487
Reported: 2022-01-04 16:33 CET by Jan-Luca Kiok
Modified: 2022-02-24 10:18 CET (History)

See Also:
What kind of report is it?: Bug Report
What type of bug is this?: 5: Major Usability: Impairs usability in key scenarios
Who will be affected by this bug?: 2: Will only affect a few installed domains
How will those affected feel about the bug?: 3: A User would likely not purchase the product
User Pain: 0.171
Enterprise Customer affected?: Yes
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional): bitesize
Max CVSS v3 score:


Description Jan-Luca Kiok univentionstaff 2022-01-04 16:33:35 CET
The customer has the Cool Solution user-group-sync at work which synchronizes two domains via serializing users & groups from the source system and modifying them via UDM at the destination system.
If a user is moved, his uid remains the same, but the DN changes. While updating its groups, the uniqueMember is updated, but the memberUid value is missing afterwards.

The same can be achieved by changing the DN of a user currently in a group:

$ udm groups/group create --position cn=groups,dc=test,dc=de --set name=testgroup --set users=uid=testuser,cn=users,dc=test,dc=de
Object created: cn=testgroup,cn=groups,dc=test,dc=de
$ univention-ldapsearch -LLL cn=testgroup uniqueMember memberUid
dn: cn=testgroup,cn=groups,dc=test,dc=de
memberUid: testuser
uniqueMember: uid=testuser,cn=users,dc=local,dc=test,dc=de
$ udm groups/group modify --dn cn=testgroup,cn=groups,dc=test,dc=de --set users=uid=testuser,cn=Employees,cn=users,dc=test,dc=de
$ univention-ldapsearch -LLL cn=testgroup uniqueMember memberUid
dn: cn=testgroup,cn=groups,dc=test,dc=de
uniqueMember: uid=testuser,cn=Employees,cn=users,dc=local,dc=test,dc=de

Therefore the memberUid should remain untouched instead of being removed.
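
Added example, not part of the original report or of the UCS code base: a consistency check over `univention-ldapsearch -LLL ... uniqueMember memberUid` output that lists groups in the state shown above, where a `uid=` member appears in uniqueMember without a matching memberUid. The sample LDIF and the function names are constructed for illustration; only members whose first RDN is `uid=` are checked, on the assumption that other members (nested groups, hosts) follow different rules.

```python
import base64

# Constructed sample shaped like `univention-ldapsearch -LLL` output (DNs are made up).
SAMPLE_LDIF = """\
dn: cn=goodgroup,cn=groups,dc=test,dc=de
memberUid: testuser
uniqueMember: uid=testuser,cn=users,dc=test,dc=de

dn: cn=testgroup,cn=groups,dc=test,dc=de
uniqueMember: uid=testuser,cn=Employees,cn=users,
 dc=test,dc=de
uniqueMember: cn=nested,cn=groups,dc=test,dc=de
"""

def parse_ldif(text):
    """Yield one {attr_lower: [values]} dict per entry; handles folding and base64."""
    unfolded = text.replace("\r\n", "\n").replace("\n ", "")  # undo LDIF line folding
    for block in unfolded.split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if ":" not in line:
                continue
            attr, _, rest = line.partition(":")
            if rest.startswith(":"):  # "attr:: <base64>"
                value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
            else:
                value = rest.strip()
            entry.setdefault(attr.lower(), []).append(value)
        if "dn" in entry:
            yield entry

def uid_of(dn):
    """uid if the first RDN is uid=..., else None. Assumes no escaped commas in the RDN."""
    attr, _, value = dn.split(",", 1)[0].partition("=")
    return value.strip() if attr.strip().lower() == "uid" else None

def missing_member_uids(ldif_text):
    """Map group DN -> sorted uids present in uniqueMember but absent from memberUid."""
    findings = {}
    for entry in parse_ldif(ldif_text):
        have = {u.lower() for u in entry.get("memberuid", [])}
        want = {uid_of(dn) for dn in entry.get("uniquemember", [])} - {None}
        missing = sorted(u for u in want if u.lower() not in have)
        if missing:
            findings[entry["dn"][0]] = missing
    return findings

if __name__ == "__main__":
    print(missing_member_uids(SAMPLE_LDIF))
```
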
Comment 1 Florian Best univentionstaff 2022-01-04 16:39:02 CET
UCS greater than https://errata.software-univention.de/#/?erratum=4.4x1128 ?
Comment 2 Jan-Luca Kiok univentionstaff 2022-01-05 09:09:09 CET
No - The bug was reported 5 months ago, but after reviewing the code yesterday with Julia & Dirk I am tempted to say that this never worked correctly.
Comment 4 Ildefonso González Sánchez univentionstaff 2022-02-10 13:00:40 CET
Solved and validated that it works as expected for udm `groups/group` operations on objects with the same uid and different DN:

f41a4d712a Bug #54297: update YAML for univention-directory-manager-modules
85390049cc Bug #54297: ucs test validation for uniquemember modification attribute
0a1d3a0ef2 Bug #54297: memberUid attribute missing when update uniquemember on LDAP group
Comment 5 Julia Bremer univentionstaff 2022-02-16 10:46:51 CET
OK: Setting users to groups with the same uid, but different DNs works
OK: memberUid attribute still exists
OK: Test
OK: Jenkins-Test
OK: Yaml

Verified