Univention Bugzilla – Bug 55563
UDM_Objects syntax class (Attributes hosts, users, etc.) doesn't allow commas in DNs, but Containers can have commas
Last modified: 2023-02-01 17:24:19 CET
A customer created a container which contained commas in it, e.g. "PCs, Julia, etc" under cn=computers in UMC. When trying to add a new computer underneath this container (also in UMC), he got 'The LDAP object could not be saved: Invalid syntax. hosts: Not a valid LDAP DN' because UDM tried to add the new DN as a host to the computer groups.

All attributes that use the UDM_Objects syntax class, e.g. "users" and "hosts", don't allow commas in the DN by using this regex:

    regex = re.compile('^([^=,]+=[^=,]+,)*[^=,]+=[^=,]+$')

Commas in DNs are allowed in LDAP though. We should consolidate this behaviour and either allow commas in DNs or not.
We should allow it: most (almost all except this case) code is prepared for this. Note: the same error exists for the "ldapDn" and "ldapDnOrNone" syntax classes.
See [RFC4514 LDAP String Representation of Distinguished Names](https://www.rfc-editor.org/rfc/rfc4514)

Consider using [ldap.dn.str2dn()](https://www.python-ldap.org/en/python-ldap-3.3.0/reference/ldap-dn.html#ldap.dn.str2dn) instead of using a RegExp we have to maintain ourselves.

```
>>> ldap.dn.str2dn(r"a=b\,b\2cb b+c=d,e=f")
[[('a', 'b,b,b b', 1), ('c', 'd', 1)], [('e', 'f', 1)]]
>>> ldap.dn.str2dn(r"a=b\,b\2cb b+c=d,e=f,=")
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/lib/python3/dist-packages/ldap/dn.py", line 52, in str2dn
    return ldap.functions._ldap_function_call(None,_ldap.str2dn,dn,flags)
  File "/usr/lib/python3/dist-packages/ldap/functions.py", line 55, in _ldap_function_call
    result = func(*args,**kwargs)
ldap.DECODING_ERROR
```

If you work on this please try to move the RegExp (or the logic) to a common base-class (or declare it globally) for `UDM_Objects` and `ldapDn` and `ldapDnOrNone` so it needs to be updated only in one location in the future.
And remove the wrong type annotation `Optional[Pattern]` as it is wrong and unneeded.
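The mismatch discussed in the comments above, as an added example that is not Univention's code and not the fix that was committed: the regex from the report is run next to a simplified, escape-aware RFC 4514 check that stands in for `ldap.dn.str2dn()` so it runs without python-ldap. The helper names `split_unescaped` and `is_valid_dn` are hypothetical, and the sample DN with its `dc=example,dc=com` base is constructed.

```python
import re

# Regex quoted in the bug report: it treats every ',' as an RDN separator.
OLD_REGEX = re.compile('^([^=,]+=[^=,]+,)*[^=,]+=[^=,]+$')
# RFC 4514 escapes: backslash + special character, or backslash + two hex digits.
_ESCAPE = re.compile(r'\\(?:[ "#+,;<=>\\]|[0-9A-Fa-f]{2})')
# Attribute type: short name (descr) or dotted numeric OID.
_ATTR = re.compile(r'[A-Za-z][A-Za-z0-9-]*|\d+(?:\.\d+)*')

# Constructed sample: the customer's container name with its commas escaped.
SAMPLE_DN = r'cn=PCs\, Julia\, etc,cn=computers,dc=example,dc=com'


def split_unescaped(text, sep):
    """Split on sep, skipping escape sequences; ValueError on a bad escape."""
    parts, start, i = [], 0, 0
    while i < len(text):
        if text[i] == '\\':
            m = _ESCAPE.match(text, i)
            if not m:
                raise ValueError('invalid escape at offset %d' % i)
            i = m.end()  # jump over the whole escape, e.g. '\,' or '\2c'
            continue
        if text[i] == sep:
            parts.append(text[start:i])
            start = i + 1
        i += 1
    parts.append(text[start:])
    return parts


def is_valid_dn(dn):
    """Simplified RFC 4514 check (assumption: no '#hexstring' values)."""
    try:
        for rdn in split_unescaped(dn, ','):
            for ava in split_unescaped(rdn, '+'):  # multi-valued RDN
                attr, eq, value = ava.partition('=')
                if not eq or not _ATTR.fullmatch(attr):
                    return False
                # After removing escapes, these specials must not remain.
                if re.search(r'[";<>]', _ESCAPE.sub('', value)):
                    return False
    except ValueError:
        return False
    return True
```

In a real deployment the parsing would be delegated to `ldap.dn.str2dn()` as the comment suggests; the stand-in only makes the escaped-versus-unescaped comma distinction visible.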
univention-directory-manager-modules.yaml
758b4ef38bef | Bug #55563: univention-directory-manager-modules 15.0.13-28A~5.0.0.202301301133
bddf98f26e78 | Bug #55563: changelog and advisory

univention-directory-manager-modules (15.0.13-28)
bddf98f26e78 | Bug #55563: changelog and advisory

univention-directory-manager-modules (15.0.13-27)
c3f5b1122f52 | Bug #55563: Fix UDM_Object syntax class to allow commas in DN's

changelog-4.0-0.xml
r55563 | Update changelog (Bug #36055)
Manual tests with "," (and more): OK
Code: OK
YAML: OK
Nightly tests: OK
No regressions found
<https://errata.software-univention.de/#/?erratum=5.0x562>