Bug 55633 – Disabled user does not show up in search result for disabled users if a user expiry date is set

Bug 55633 - Disabled user does not show up in search result for disabled users if a user expiry date is set


Summary:	Disabled user does not show up in search result for disabled users if a user ...

Status:	NEW

Product:	UCS
Classification:	Unclassified
Component:	UDM (Generic)
Version:	UCS 5.0
Hardware:	Other Linux

Importance:	P5 normal (vote)
Target Milestone:	---
Assigned To:	UMC maintainers
QA Contact:	UMC maintainers

URL:
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2023-02-01 10:40 CET by Jürn Brodersen
Modified:	2023-02-01 11:49 CET (History)
CC List:	1 user (show)

See Also:
What kind of report is it?:	Bug Report
What type of bug is this?:	3: Simply Wrong: The implementation doesn't match the docu
Who will be affected by this bug?:	5: Will affect all installed domains
How will those affected feel about the bug?:	1: Nuisance – not a big deal but noticeable
User Pain:	0.086
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Jürn Brodersen

2023-02-01 10:40:11 CET

Disabled user does not show up in search result for disabled users if a user expiry date is set

How to reproduce:
- Create a user and set it to disabled, it should now show up in the search results for disabled users.
- Add an expiry date (doesn't matter if it's in the future), it does not show up in the search results for disabled users. The disabled attribute is still set though.

Code:
https://git.knut.univention.de/univention/ucs/-/blob/5.0-2/management/univention-directory-manager-modules/modules/univention/admin/handlers/users/user.py#L2067
The filter expects "shadowExpire=1" which is not true for users with an expiry date.

Note:
I would recommend that we check that disabling a user and setting an expiry date does not break anything else (simple bind, posix, kerberos heimdal/mit). My exception would be, that disabling a user overrides the expiry date and it is locked immediately.