First Last Prev Next    This bug is not in your last search results.
Bug 56172 - Object copy fails if extended attributes for operational LDAP attributes are defined - bug in "copyable" flag?
Object copy fails if extended attributes for operational LDAP attributes are ...
Status: NEW
Product: UCS
Classification: Unclassified
Component: UDM - Extended Attributes
UCS 5.0
Other Linux
: P5 normal (vote)
: ---
Assigned To: UMC maintainers
UMC maintainers
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2023-06-20 14:22 CEST by Ingo Steuwer
Modified: 2023-06-20 14:26 CEST (History)
1 user (show)

See Also:
What kind of report is it?: Bug Report
What type of bug is this?: 3: Simply Wrong: The implementation doesn't match the docu
Who will be affected by this bug?: 1: Will affect a very few installed domains
How will those affected feel about the bug?: 1: Nuisance – not a big deal but noticeable
User Pain: 0.017
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Ingo Steuwer univentionstaff 2023-06-20 14:22:32 CEST 
Orginal bug report: https://help.univention.com/t/when-was-an-ldap-object-created-or-modified-display-ldap-operational-attributes-in-extended-attributes/20968/6?u=steuwer

To reproduce I created the 4 Extended Attributes for groups and users and tried to copy a group using UMC. I also had the error message "Das LDAP-Objekt konnte nicht gespeichert werden: LDAP-Fehler: Constraint violation: createTimestamp: no user modification allowed."

The same error occures if I want to copy a user object.

I assume that UDM tries to write something in the "createTimestamp" LDAP attribute, which is not allowed. Looking at the documentation I think not setting the "copyable" flag should prevent such a behaviour, but that is not the case here (the value is "None").

Full definition of the Extended Attribute:

DN: cn=createTimestamp,cn=custom attributes,cn=univention,[LDAP BASE]
  CLIName: createTimestamp
  copyable: None
  default: None
  deleteObjectClass: None
  disableUDMWeb: None
  doNotSearch: None
  fullWidth: None
  groupName: object creation
  groupPosition: 1
  hook: None
  ldapMapping: createTimestamp
  longDescription: Database timestamp of the LDAP object creation, typically UTC
  mayChange: None
  module: users/user
  module: groups/group
  multivalue: None
  name: createTimestamp
  notEditable: 0
  objectClass: top
  overwritePosition: None
  overwriteTab: None
  shortDescription: timestamp of object creation
  syntax: string
  tabAdvanced: None
  tabName: LDAP details
  tabPosition: 1
  translationGroupName: de_DE: Objekterstellung
  translationLongDescription: de_DE: Zeitpunkt der Erstellung des LDAP Objekts, typischer Weise UTC
  translationShortDescription: de_DE: Zeitstempel der Objekterstellung
  translationTabName: de_DE: LDAP Details
  valueRequired: None
  version: 2
Comment 1 Ingo Steuwer univentionstaff 2023-06-20 14:24:35 CEST 
This might also be the root cause of Bug #55670
First Last Prev Next    This bug is not in your last search results.