Bug 55216 - users/ldap objects cannot be identified if they have the "functional" univentionObjectFlag | broken sys-idp-user
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: UDM (Generic)
Version: UCS 5.0
Hardware: Other Linux
Importance: P5 normal
Target Milestone: UCS 5.0-4-errata
Assigned To: Florian Best
QA Contact: Juan Carlos
Reported: 2022-09-23 10:57 CEST by Julia Bremer
Modified: 2023-07-12 13:57 CEST (History)
What kind of report is it?: Bug Report
What type of bug is this?: 3: Simply Wrong: The implementation doesn't match the docu
Who will be affected by this bug?: 1: Will affect a very few installed domains
How will those affected feel about the bug?: 1: Nuisance – not a big deal but noticeable
User Pain: 0.017
Bug group (optional): bitesize, Debt Technical
Description Julia Bremer univentionstaff 2022-09-23 10:57:30 CEST
The udm identify function doesn't regard objects with the UniventionObjectFlag == "functional" as valid users/ldap objects.

This is the check in the udm identify method:

    if b'0' in attr.get('uidNumber', []) or b'$' in attr.get('uid', [b''])[0] or b'univentionHost' in attr.get('objectClass', []) or b'functional' in attr.get('univentionObjectFlag', []):
        return False

It looks as though it was copied from users/user which has the same check. 
I would assume that the functional UniventionObjectFlag is especially made for users/ldap objects and should not invalidate them. 


The sys-idp-user, created by 91univention-saml.inst is a users/ldap object with the addition of the functional flag and is currently "broken".

Udm says:
The object type of this object differs from the specified object type: The object uid=sys-idp-user,cn=users,$base is not a users/ldap.
Comment 1 Florian Best univentionstaff 2022-09-26 15:19:48 CEST
See also / Duplicate Bug #39499
Comment 4 Florian Best univentionstaff 2023-07-03 15:57:23 CEST
users/ldap has been changed so that it doesn't ignore univentionObjectType=functional objects anymore.

b5a9bbb3da | feat(udm): detect users/ldap objects with univentionObjectType=functional again
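Added example, not part of this bug thread and not Univention's code: it models only the condition quoted in the description and compares it with an assumed variant that no longer treats the functional flag as disqualifying. The function names and all sample entries are constructed for illustration; the real identify method may apply further checks that are not shown on this page.

```python
# Added illustration; not Univention's code. The dicts mimic the bytes-valued
# LDAP attributes that the identify check quoted in this bug reads.

def is_excluded_account(attr):
    """Exclusions kept by both variants: uidNumber 0, '$' in uid, host objects."""
    return (
        b'0' in attr.get('uidNumber', [])
        or b'$' in attr.get('uid', [b''])[0]
        or b'univentionHost' in attr.get('objectClass', [])
    )

def identify_reported(attr):
    """The condition from the description: functional objects are rejected too."""
    if is_excluded_account(attr) or b'functional' in attr.get('univentionObjectFlag', []):
        return False
    return True

def identify_sketch(attr):
    """Assumed shape of the changed behaviour: the flag no longer disqualifies."""
    return not is_excluded_account(attr)

# Constructed sample entries; attribute values are made up for this example.
ENTRIES = {
    'uid=sys-idp-user': {'uid': [b'sys-idp-user'], 'objectClass': [b'person'],
                         'univentionObjectFlag': [b'functional']},
    'uid=bind-account': {'uid': [b'bind-account'], 'objectClass': [b'person']},
    'uid=host01$': {'uid': [b'host01$'], 'objectClass': [b'univentionHost']},
    'uid=root': {'uid': [b'root'], 'uidNumber': [b'0']},
}

def compare(entries):
    """Return {dn: (reported_result, sketch_result)} for every entry."""
    return {dn: (identify_reported(a), identify_sketch(a)) for dn, a in entries.items()}

def hidden_by_flag(entries):
    """DNs refused only because of the functional flag, i.e. what the bug affects."""
    return sorted(dn for dn, (old, new) in compare(entries).items() if new and not old)

if __name__ == '__main__':
    for dn, (old, new) in compare(ENTRIES).items():
        print(f'{dn}: reported={old} sketch={new}')
    print('affected by the flag check:', hidden_by_flag(ENTRIES))
```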
Comment 5 Juan Carlos univentionstaff 2023-07-04 13:03:55 CEST
QA:

Code changes: OK
YAML: OK
Changelog: OK
Functional users are shown in udm: OK
Functional users are not shown in UMC: OK
Comment 6 Christian Castens univentionstaff 2023-07-12 13:57:16 CEST
<https://errata.software-univention.de/#/?erratum=5.0x739>