First Last Prev Next    This bug is not in your last search results.
Bug 54568 - policies/umc also applies to computer objects
policies/umc also applies to computer objects
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: UMC - Policies
UCS 5.0
Other Linux
: P5 normal (vote)
: UCS 5.0-2-errata
Assigned To: Florian Best
Iván.Delgado
https://git.knut.univention.de/univen...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2022-03-19 16:34 CET by Florian Best
Modified: 2022-11-16 18:03 CET (History)
1 user (show)

See Also:
What kind of report is it?: Development Internal
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:
best: Patch_Available+

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Florian Best univentionstaff 2022-03-19 16:34:59 CET 
UMC policies are also evaluated for computer objects.
So UMC should support to display and set them.

Patch:
diff --git management/univention-directory-manager-modules/modules/univention/admin/handlers/policies/umc.py management/univention-directory-manager-modules/modules/univention/admin/handlers/policies/umc.py
index dbb0df122b..33bdf86f60 100644
--- management/univention-directory-manager-modules/modules/univention/admin/handlers/policies/umc.py
+++ management/univention-directory-manager-modules/modules/univention/admin/handlers/policies/umc.py
@@ -62 +62 @@ policy_oc = 'umcPolicy'
-policy_apply_to = ['users/user', 'users/ldap', 'groups/group']
+policy_apply_to = ['users/user', 'users/ldap', 'groups/group', 'computers/domaincontroller_master', 'computers/domaincontroller_backup', 'computers/domaincontroller_slave', 'computers/memberserver']
Comment 1 Florian Best univentionstaff 2022-11-10 15:41:32 CET 
Reproduce:
udm "computers/$(ucr get server/role)" modify --dn "$(ucr get ldap/hostdn)" --policy-reference "cn=default-computers-umc,cn=UMC,cn=policies,$(ucr get ldap/base)"
udm "computers/$(ucr get server/role)" list --policies=1 | grep default-computers-umc
→ UDM CLI shows it:
  univentionPolicyReference: cn=default-computers-umc,cn=UMC,cn=policies,l=school,l=dev
    Policy: cn=default-computers-umc,cn=UMC,cn=policies,l=school,l=dev

__udm "computers/$(ucr get server/role)" list --policies=1 | grep default-computers-umc
curl -s -H 'Accept: application/json' "http://Administrator:univention@localhost/univention/udm/computers/$(ucr get server/role)/$(ucr get ldap/hostdn)" | python -m json.tool | grep -A2 policies/umc
→ UDM REST API doesn't show it.
Comment 2 Florian Best univentionstaff 2022-11-11 13:35:23 CET 
UMC policies can now be selected for computer objects which provide a UMC:

univention-directory-manager-modules.yaml
eeb33193ed3e | feat(udm policies(umc): apply policies/umc also to computer objects

univention-directory-manager-modules (15.0.13-20)
eeb33193ed3e | feat(udm policies(umc): apply policies/umc also to computer objects
Comment 3 Iván.Delgado univentionstaff 2022-11-11 13:49:17 CET 
Verified:
 * Comment 1
 * Advisory
First Last Prev Next    This bug is not in your last search results.