Bug 55670 - make LDAP-"operational attributes" available as extended attribute
Status: NEW
Product: UCS@school
Classification: Unclassified
Component: Import scripts
Version: UCS@school 5.0
Hardware: Other Linux
Importance: P5 enhancement
Target Milestone: ---
Assigned To: UCS@school maintainers
https://git.knut.univention.de/univen...
Depends on: 20235
Blocks: 25907 31857 40910
Reported: 2023-02-13 12:31 CET by Christina Scheinig
Modified: 2023-06-20 14:24 CEST
CC List: 7 users

See Also:
What kind of report is it?: Feature Request
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?: Yes
School Customer affected?: Yes
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number: 2013041021001785
Bug group (optional): Forked for project
Max CVSS v3 score:


Description Christina Scheinig univentionstaff 2023-02-13 12:31:43 CET
+++ This bug was initially created as a clone of Bug #20235 +++

I just tried to display "creatorsName" or "modifyTimestamp" via an extended attribute, but the fields are empty. It would be very convenient if that worked.

I suspect that for this, "+" has to be added to the list of attributes in the search when searching for objects; if no attribute was specified before, one would have to pass ["*","+"].


A customer created the extended Attributes as described in 
https://help.univention.com/t/when-was-an-ldap-object-created-or-modified-display-ldap-operational-attributes-in-extended-attributes/20968

Unfortunately the computer import did not work anymore.
```
# /usr/share/ucs-school-import/scripts/import_computer 20230130-ersatz-kab3-ohnebeschreibung.csv
input file is  : 20230130-ersatz-kab3-ohnebeschreibung.csv
Processing line 1: windows      eins-kab3-001   2c:f0:5d:02:f0:63       gym_one 10.3.8.11/16
set ip to 10.3.8.11 is not net 10.3.0.0
Traceback (most recent call last):
 File "/usr/lib/python3/dist-packages/univention/admin/uldap.py", line 807, in modify
   return self.lo.modify(dn, changes, serverctrls=serverctrls, response=response, rename_callback=rename_callback)
 File "/usr/lib/python3/dist-packages/univention/uldap.py", line 211, in _decorated
   return func(self, *args, **kwargs)
 File "/usr/lib/python3/dist-packages/univention/uldap.py", line 766, in modify
   self.modify_ext_s(dn, ml, serverctrls=serverctrls, response=response)
 File "/usr/lib/python3/dist-packages/univention/uldap.py", line 211, in _decorated
   return func(self, *args, **kwargs)
 File "/usr/lib/python3/dist-packages/univention/uldap.py", line 825, in modify_ext_s
   rtype, rdata, rmsgid, resp_ctrls = self.lo.modify_ext_s(dn, ml, serverctrls=serverctrls)
 File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 1253, in modify_ext_s
   return self._apply_method_s(SimpleLDAPObject.modify_ext_s,*args,**kwargs)
 File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 1197, in _apply_method_s
   return func(self,*args,**kwargs)
 File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 602, in modify_ext_s
   resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
 File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 749, in result3
   resp_ctrl_classes=resp_ctrl_classes
 File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 756, in result4
   ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
 File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 329, in _ldap_call
   reraise(exc_type, exc_value, exc_traceback)
 File "/usr/lib/python3/dist-packages/ldap/compat.py", line 44, in reraise
   raise exc_value
 File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 313, in _ldap_call
   result = func(*args,**kwargs)
ldap.CONSTRAINT_VIOLATION: {'desc': 'Constraint violation', 'info': 'creatorsName: no user modification allowed'}
```
The problem does not occur with IPmanagedclients clients, because they don’t have a group (by default), in comparison to Windows.

```
# udm computers/ipmanagedclient list --filter cn=ip-client-032 | egrep group
```
vs
```
# udm computers/windows list --filter cn=eins-kab3-001 | egrep group
groups: cn=Windows Hosts,cn=groups,dc=schein,dc=me
primaryGroup: cn=Windows Hosts,cn=groups,dc=schein,dc=me
```

The import will work again, if the extended attribute is removed, or the module groups/group is removed.

```
$ udm settings/extended_attribute modify --dn "cn=creatorsName,cn=custom attributes,cn=univention,dc=schein,dc=me" --remove module="groups/group"
```
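
The two halves of this report, requesting operational attributes with "+" on search and keeping them out of modify requests, shown as an added example that is not UCS or python-ldap code. The function names, the `READ_ONLY` list and the sample entries are assumptions constructed for illustration.

```python
# Added example: all names below are hypothetical, not UCS or python-ldap code.
MOD_ADD, MOD_DELETE, MOD_REPLACE = 0, 1, 2  # same numbering as python-ldap's ldap.MOD_*

# Constructed subset of NO-USER-MODIFICATION attributes (RFC 4512 / RFC 4530).
# A real client would derive this from the server's subschema instead.
READ_ONLY = frozenset(a.lower() for a in (
    "creatorsName", "createTimestamp", "modifiersName", "modifyTimestamp",
    "entryUUID", "structuralObjectClass", "subschemaSubentry",
))


def search_attrlist(requested=None):
    """Attribute list for a search that also returns operational attributes."""
    if not requested:
        return ["*", "+"]  # all user attributes plus all operational ones
    return list(requested) if "+" in requested else list(requested) + ["+"]


def build_modlist(old, new):
    """Diff two {attr: [values]} dicts, skipping server-maintained attributes."""
    modlist, skipped = [], []
    names = {a.lower(): a for a in list(old) + list(new)}
    old_l = {a.lower(): v for a, v in old.items()}
    new_l = {a.lower(): v for a, v in new.items()}
    for key in sorted(names):  # LDAP attribute names compare case-insensitively
        before, after = old_l.get(key, []), new_l.get(key, [])
        if sorted(before) == sorted(after):
            continue
        if key in READ_ONLY:
            skipped.append(names[key])  # sending this gives CONSTRAINT_VIOLATION
            continue
        if not before:
            modlist.append((MOD_ADD, names[key], after))
        elif not after:
            modlist.append((MOD_DELETE, names[key], None))
        else:
            modlist.append((MOD_REPLACE, names[key], after))
    return modlist, skipped


# Constructed sample: a group entry read with ["*", "+"], then edited in memory.
OLD = {"cn": [b"Windows Hosts"], "uniqueMember": [b"cn=a,dc=example"],
       "creatorsName": [b"cn=admin,dc=example"]}
NEW = {"cn": [b"Windows Hosts"],
       "uniqueMember": [b"cn=a,dc=example", b"cn=eins-kab3-001,dc=example"],
       "creatorsName": []}  # constructed: the edited object carries no value here

if __name__ == "__main__":
    print(search_attrlist(), build_modlist(OLD, NEW))
```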