Univention Bugzilla – Bug 55216
users/ldap objects cannot be identified if they have the "functional" univentionObjectFlag | broken sys-idp-user
Last modified: 2023-07-12 13:57:16 CEST
The udm identify function doesn't regards objects with the UniventionObjectFlag == "functional" as valid users/ldap objects. This is the check in the udm identify method: » if b'0' in attr.get('uidNumber', []) or b'$' in attr.get('uid', [b''])[0] or b'univentionHost' in attr.get('objectClass', []) or b'functional' in attr.get('univentionObjectFlag', []): » » return False It looks as though it was copied from users/user which has the same check. I would assume that the functional UniventionObjectFlag is especially made for users/ldap objects and should not invalidate them. The sys-idp-user, created by 91univention-saml.inst is a users/ldap object with the addition of the functional flag and is currently "broken". Udm says: The object type of this object differs from the specified object type: The object uid=sys-idp-user,cn=users,$base is not a users/ldap.
See also / Duplicate Bug #39499
MR: https://git.knut.univention.de/univention/ucs/-/merge_requests/806
users/ldap has been changed so that it doesn't ignore univentionObjectType=functional objects anymore. b5a9bbb3da | feat(udm): detect users/ldap objects with univentionObjectType=functional again
QA: Code changes: OK YAML: OK Changelog: OK Functional users are shown in udm: OK Funcional users are not shown UMC: OK
<https://errata.software-univention.de/#/?erratum=5.0x739>