Bug 55884 – [5.0] hard coded 'admins-' group prefix in ucsschool.lib.consistency

Bug 55884 - [5.0] hard coded 'admins-' group prefix in ucsschool.lib.consistency


Summary:	[5.0] hard coded 'admins-' group prefix in ucsschool.lib.consistency

Status:	CLOSED FIXED

Product:	UCS@school
Classification:	Unclassified
Component:	Ucsschool-lib
Version:	UCS@school 5.0
Hardware:	Other Linux

Importance:	P5 normal (vote)
Target Milestone:	UCS@school 5.0 v5
Assigned To:	Julian Helms
QA Contact:	Tobias Wenzel

URL:
Keywords:

Depends on:
Blocks:	55885
	Show dependency tree / graph

Reported:	2023-03-16 15:35 CET by Daniel Tröder
Modified:	2024-03-21 15:49 CET (History)
CC List:	3 users (show)

See Also:
What kind of report is it?:	Bug Report
What type of bug is this?:	3: Simply Wrong: The implementation doesn't match the docu
Who will be affected by this bug?:	1: Will affect a very few installed domains
How will those affected feel about the bug?:	1: Nuisance – not a big deal but noticeable
User Pain:	0.017
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):	bitesize
Max CVSS v3 score:

Attachments
before fix (64.53 KB, image/png) 2024-02-06 13:44 CET, Tobias Wenzel	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Daniel Tröder

2023-03-16 15:35:56 CET

The diagnostic module shows errors, when a customer uses  non-standard prefix for the school admins group (default is 'admins-').

The prefix con be configured with UCRV ucsschool/ldap/default/groupprefix/admins.

ucsschool.lib.consistency correctly uses the UCRV in UserCheck.__init__(), but forgets to do that in check_mandatory_groups_exist() -> mandatory_groups[-1].

It should either use the UCRV like in __init__() or better also change that code to use SchoolSearchBase([ou]).admins_group.

Comment 1 Julian Helms

2024-02-06 13:43:11 CET

As discussed - Merged and built:

Package: ucs-school-lib
Version: 13.0.44
Branch: ucs_5.0-0
Scope: ucs-school-5.0

---

Package: ucs-test-ucsschool 
Version: 7.3.162
Branch: ucs_5.0-0
Scope: ucs-school-5.0

Comment 2 Tobias Wenzel

2024-02-06 13:44:33 CET

Created attachment 11193 [details]
before fix

behaviour before fix

Comment 3 Tobias Wenzel

2024-02-06 13:46:03 CET

Manual QA in a multiserver env, on primary:

- [x] manual QA -> see below
- [x] code review
- [x] changelog ok
- [x] advisory ok
- [x] tests pass on vm


univention-app info
UCS: 5.0-6 errata916
Installed: self-service-backend=5.0 ucsschool=5.0 v4


Behavior before fix:

$ ucr set ucsschool/ldap/default/groupprefix/admins="super_people-"
service univention-management-console-server restart


I renamed the admins group of the existing groups and put the `demo_admin` in this group

- cn=admins-DEMOSCHOOL,cn=ouadmins,cn=groups,dc=school,dc=test
- cn=admins-school1,cn=ouadmins,cn=groups,dc=school,dc=test
- cn=admins-school2,cn=ouadmins,cn=groups,dc=school,dc=test

by renaming them in the UMC groups module to have the prefix `super_people-`, .e.g. `super_people-DEMOSCHOOL`. This way they are part of the correct group, only the UCR-variable is not correct.

-> see attachment

After the fix, I didn't get a warning.

Comment 4 Julian Helms

2024-02-08 13:27:54 CET

Fix test wrong group membership

As discussed - merged and built

Package: ucs-test-ucsschool
Version: 7.3.165
Branch: ucs_5.0-0
Scope: ucs-school-5.0

Comment 5 Tobias Wenzel

2024-02-13 09:30:05 CET

Thanks for fixing the test. Setting to verify.

Comment 6 Johannes Königer

2024-03-21 15:49:46 CET

UCS@school 5.0 v5 has been released.

- https://docs.software-univention.de/ucsschool-changelog/5.0v5/en/changelog.html
- https://docs.software-univention.de/ucsschool-changelog/5.0v5/de/changelog.html

If this error occurs again, please clone this bug.