Univention Bugzilla – Bug 54395
Service Specific Password (Radius): Add univentionRadiusPassword attribute
Last modified: 2022-03-23 14:14:42 CET
New attribute for users: univentionRadiusPassword
ACLs: Nobody may write; hosts may read.
Jenkins shows:

Traceback (most recent call last):
  File "/usr/share/ucs-test/45_radius/12_acls_service_specific_password.py", line 75, in test_acl_admin_may_write
    lo.modify(dn, (('univentionRadiusPassword', b'', ssp[1]),))
  File "/usr/lib/python3/dist-packages/univention/admin/uldap.py", line 814, in modify
    raise univention.admin.uexceptions.ldapError(_err2str(msg), original_exception=msg)
univention.admin.uexceptions.ldapError: Inappropriate matching: modify/add: univentionRadiusPassword: no equality matching rule

Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/univention/admin/uldap.py", line 803, in modify
    return self.lo.modify(dn, changes, serverctrls=serverctrls, response=response, rename_callback=rename_callback)
  File "/usr/lib/python3/dist-packages/univention/uldap.py", line 208, in _decorated
    return func(self, *args, **kwargs)
  File "/usr/lib/python3/dist-packages/univention/uldap.py", line 754, in modify
    self.modify_ext_s(dn, ml, serverctrls=serverctrls, response=response)
  File "/usr/lib/python3/dist-packages/univention/uldap.py", line 208, in _decorated
    return func(self, *args, **kwargs)
  File "/usr/lib/python3/dist-packages/univention/uldap.py", line 813, in modify_ext_s
    rtype, rdata, rmsgid, resp_ctrls = self.lo.modify_ext_s(dn, ml, serverctrls=serverctrls)
  File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 1253, in modify_ext_s
    return self._apply_method_s(SimpleLDAPObject.modify_ext_s,*args,**kwargs)
  File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 1197, in _apply_method_s
    return func(self,*args,**kwargs)
  File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 602, in modify_ext_s
    resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
  File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 749, in result3
    resp_ctrl_classes=resp_ctrl_classes
  File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 756, in result4
    ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
  File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 329, in _ldap_call
    reraise(exc_type, exc_value, exc_traceback)
  File "/usr/lib/python3/dist-packages/ldap/compat.py", line 44, in reraise
    raise exc_value
  File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 313, in _ldap_call
    result = func(*args,**kwargs)
ldap.INAPPROPRIATE_MATCHING: {'desc': 'Inappropriate matching', 'info': 'modify/add: univentionRadiusPassword: no equality matching rule'}
I give you a hint: base/univention-python/modules/uldap.py in access:modify() has 3 ways to specify the LDAP operation which is used ;-) One(Two) does not need an equality matching rule.

>>> lo.modify(dn, [('univentionRadiusPassword', [b''], [b'asdf'])])  #ml=[(2, 'univentionRadiusPassword', [b'asdf'])]
>>> lo.getAttr(dn, 'univentionRadiusPassword')
[b'asdf']
>>> lo.modify(dn, [('univentionRadiusPassword', [b'asdf'], [b'foobar'])])  #ml=[(2, 'univentionRadiusPassword', [b'foobar'])]
>>> lo.getAttr(dn, 'univentionRadiusPassword')
[b'foobar']
>>> lo.modify(dn, [('univentionRadiusPassword', [b'foobar'], [b''])])  #ml=[(2, 'univentionRadiusPassword', [b''])]
>>> lo.getAttr(dn, 'univentionRadiusPassword')
[b'']
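Added example, not part of the original comments and not Univention's code: a sketch of choosing the LDAP modify operation per attribute, so that attributes whose schema definition declares no EQUALITY rule are changed with a replace (operation code 2, as in the `ml=` output above) instead of a value-specific delete/add. The schema snippet is constructed, its OIDs use the 2.999 example arc, and `exampleDescription`, `attrs_without_equality` and `build_modlist` are hypothetical names; EQUALITY rules inherited through SUP are not resolved.

```python
import re

# LDAP modify operation codes (the values python-ldap exposes as
# ldap.MOD_ADD, ldap.MOD_DELETE and ldap.MOD_REPLACE).
MOD_ADD, MOD_DELETE, MOD_REPLACE = 0, 1, 2

# Constructed schema text; OIDs are placeholders from the 2.999 example arc.
SAMPLE_SCHEMA = """
attributetype ( 2.999.1 NAME 'univentionRadiusPassword'
    DESC 'constructed sample, no EQUALITY rule'
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
attributetype ( 2.999.2 NAME 'exampleDescription'
    EQUALITY caseIgnoreMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
"""

def attrs_without_equality(schema_text):
    """Return lower-cased names of attribute types declaring no EQUALITY rule."""
    result = set()
    for definition in re.split(r"(?im)^\s*attributetype\s*\(", schema_text)[1:]:
        m = re.search(r"NAME\s+(\([^)]*\)|'[^']*')", definition)
        if not m:
            continue
        names = re.findall(r"'([^']*)'", m.group(1))
        # Drop quoted strings so a DESC mentioning "EQUALITY" is not counted.
        unquoted = re.sub(r"'[^']*'", "", definition)
        if not re.search(r"\bEQUALITY\b", unquoted):
            result.update(n.lower() for n in names)
    return result

def build_modlist(changes, no_equality):
    """Translate (attr, old_values, new_values) triples into modify tuples."""
    ml = []
    for attr, old, new in changes:
        if old == new:
            continue
        if attr.lower() in no_equality:
            # The server cannot compare values of this attribute, so replace
            # the whole value set instead of naming values to delete or add.
            ml.append((MOD_REPLACE, attr, new))
        else:
            if old:
                ml.append((MOD_DELETE, attr, old))
            if new:
                ml.append((MOD_ADD, attr, new))
    return ml
```

A replace overwrites whatever is currently stored, so it gives up the implicit check that the old value still matches, which the delete/add form provides for attributes that do have an equality rule.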
Package: univention-ldap
Version: 16.0.7-18A~5.0.0.202203181059
Branch: ucs_5.0-0
Scope: errata5.0-1
univentionRadiusPassword only readable by computer objects (and Domain Admins) on primary/backup and replica: OK
Only Admins can write: OK
Schema: OK
No equalityMatchingRule: OK
Tests: OK

Verified
<https://errata.software-univention.de/#/?erratum=5.0x255>