Bug 54759 – Join script modify DN without checking the existence

Bug 54759 - Join script modify DN without checking the existence


Summary:	Join script modify DN without checking the existence

Status:	NEW

Product:	UCS
Classification:	Unclassified
Component:	Join (univention-join)
Version:	UCS 5.0
Hardware:	Other Linux

Importance:	P5 normal (vote)
Target Milestone:	---
Assigned To:	UCS maintainers
QA Contact:	UCS maintainers

URL:
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2022-05-16 07:56 CEST by Dirk Schnick
Modified:	2022-05-17 10:02 CEST (History)
CC List:	1 user (show)

See Also:
What kind of report is it?:	Bug Report
What type of bug is this?:	4: Minor Usability: Impairs usability in secondary scenarios
Who will be affected by this bug?:	1: Will affect a very few installed domains
How will those affected feel about the bug?:	2: A Pain – users won’t like this once they notice it
User Pain:	0.046
Enterprise Customer affected?:	Yes
School Customer affected?:	Yes
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:	2022051321000511
Bug group (optional):	bitesize
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Dirk Schnick

2022-05-16 07:56:45 CEST

A customer (see ticket) had problems to join servers as our join script only tries to modify the DN: cn=domain-admin,cn=category,cn=portals,cn=univention,$ldap_base in line 65 (ff.) without checking if that DN exists. The reason why that DN is not existing is not know, but anyways a test if the DN exists and if not a create instead of modify would be an improvement for our product.


Actural code:

	univention-directory-manager portals/category modify "$@" \
		--dn "cn=domain-admin,cn=category,cn=portals,cn=univention,$ldap_base" \
		--append entries="cn=server-overview,cn=entry,cn=portals,cn=univention,$ldap_base" || die

Comment 2 Florian Best

2022-05-16 12:00:16 CEST

It should exists:
management/univention-portal/33univention-portal.inst-  univention-directory-manager portals/category create "$@" --ignore_exists \
management/univention-portal/33univention-portal.inst-          --position "cn=category,cn=portals,cn=univention,$ldap_base" \
management/univention-portal/33univention-portal.inst:          --set name=domain-admin \
management/univention-portal/33univention-portal.inst-          --append entries="cn=umc-domain,cn=entry,cn=portals,cn=univention,$ldap_base" \
management/univention-portal/33univention-portal.inst-          --append displayName='"en_US" "Administration"' \
management/univention-portal/33univention-portal.inst-          --append displayName='"de_DE" "Verwaltung"' \
management/univention-portal/33univention-portal.inst-          --append displayName='"fr_FR" "Administration"' || die

If it doesn't - find out who deleted it.
Don't delete it manually. If you want to have custom portals just create a new portal instead of removing contents from the original ones.

Comment 3 Dirk Schnick

2022-05-17 10:02:20 CEST

But "|| die" is from my point of view not the best way to handle a missing DN and that's what I'm pointing on.