Univention Bugzilla – Bug 56589
Saving changes in Administrative workgroups removes mail address
Last modified: 2023-11-16 14:21:07 CET
This behavior is reproducible and was tested with: UCS: 5.0-4 errata794 ucsschool=5.0 v4 The "mail address" of a group, which was set via "Groups" -> "Advanced Settings" is deleted after saving changes or editing the group via "Administrative workgroups". This happens even without any changes just by pressing the button "save changes". BTW: The mail address is in the module "Administrative workgroups" not visible in any case. There is a greyed out field "Email address" seemingly without any content. The next time (after the above bug happened) the lower email part in the regarding workgroup is gone. There is no useful workaround or recommendation for the customer. snip from management-console-module-schoolgroups.log (debug-level 4) 14.09.23 12:59:29.102 MODULE ( PROCESS ) : Received request 'schoolgroups/put': ('hugoschooladmin', 'workgroup-admin', None, 'en_US.UTF-8') 14.09.23 12:59:29.119 LDAP ( ALL ) : establishing new connection with retry_max=11 14.09.23 12:59:29.130 LDAP ( ALL ) : bind binddn=cn=ms1-primary,cn=dc,cn=computers,dc=musterschule1,dc=intranet 14.09.23 12:59:29.146 LDAP ( ALL ) : uldap.search filter=(&(cn=*)(|(&(objectClass=univentionGroup))(&(objectClass=sambaGroupMapping)))) base=cn=DEMOSCHOOL-workgroup1,cn=schueler,cn=groups,ou=DEMOSCHOOL,dc=musterschule1,dc=intranet scope=base attr=['entryCSN', 'entryUUID', 'modifyTimestamp', '*'] unique=0 required=0 timeout=-1 sizelimit=0 14.09.23 12:59:29.150 ADMIN ( ALL ) : admin.hook.schoolAdminGroup: _open called 14.09.23 12:59:29.150 LDAP ( ALL ) : uldap.search filter=(&(objectClass=posixGroup)(uniqueMember=cn=DEMOSCHOOL-workgroup1,cn=schueler,cn=groups,ou=DEMOSCHOOL,dc=musterschule1,dc=intranet)) base= scope=sub attr=['dn'] unique=0 required=0 timeout=-1 sizelimit=0 14.09.23 12:59:29.152 ADMIN ( INFO ) : groups/group: open(): member check duration: 0.00s 14.09.23 12:59:29.153 LDAP ( ALL ) : uldap.search filter=(&(univentionObjectType=users/user)(!(uidNumber=0))(!(univentionObjectFlag=functional))) base=uid=vschueler1,cn=schueler,cn=users,ou=DEMOSCHOOL,dc=musterschule1,dc=intranet scope=base attr=['entryCSN', 'entryUUID', 'modifyTimestamp', '*', 'pwdAccountLockedTime', 'memberOf'] unique=0 required=0 timeout=-1 sizelimit=0 14.09.23 12:59:29.179 ADMIN ( INFO ) : admin.syntax.hook.simpleHook: _open called 14.09.23 12:59:29.179 LDAP ( ALL ) : uldap.search filter=(&(|(objectClass=posixGroup)(objectClass=sambaGroupMapping))(gidNumber=5025)) base= scope=sub attr=['dn'] unique=0 required=0 timeout=-1 sizelimit=0 14.09.23 12:59:29.186 LDAP ( ALL ) : uldap.search filter=(&(univentionObjectType=users/user)(!(uidNumber=0))(!(univentionObjectFlag=functional))) base=uid=vschueler2,cn=schueler,cn=users,ou=DEMOSCHOOL,dc=musterschule1,dc=intranet scope=base attr=['entryCSN', 'entryUUID', 'modifyTimestamp', '*', 'pwdAccountLockedTime', 'memberOf'] unique=0 required=0 timeout=-1 sizelimit=0 14.09.23 12:59:29.206 ADMIN ( INFO ) : admin.syntax.hook.simpleHook: _open called 14.09.23 12:59:29.208 MODULE ( INFO ) : Modifying group "cn=DEMOSCHOOL-workgroup1,cn=schueler,cn=groups,ou=DEMOSCHOOL,dc=musterschule1,dc=intranet" with members: ['uid=vschueler1,cn=schueler,cn=users,ou=DEMOSCHOOL,dc=musterschule1,dc=intranet', 'uid=vschueler2,cn=schueler,cn=users,ou=DEMOSCHOOL,dc=musterschule1,dc=intranet'] 14.09.23 12:59:29.208 MODULE ( INFO ) : New members: ['uid=vschueler1,cn=schueler,cn=users,ou=DEMOSCHOOL,dc=musterschule1,dc=intranet', 'uid=vschueler2,cn=schueler,cn=users,ou=DEMOSCHOOL,dc=musterschule1,dc=intranet'] 14.09.23 12:59:29.208 MODULE ( INFO ) : Removed members: set() 14.09.23 12:59:29.208 LDAP ( ALL ) : uldap.search filter=(&(univentionObjectType=users/user)(!(uidNumber=0))(!(univentionObjectFlag=functional))) base=uid=vschueler1,cn=schueler,cn=users,ou=DEMOSCHOOL,dc=musterschule1,dc=intranet scope=base attr=['entryCSN', 'entryUUID', 'modifyTimestamp', '*', 'pwdAccountLockedTime', 'memberOf'] unique=0 required=0 timeout=-1 sizelimit=0 14.09.23 12:59:29.212 ADMIN ( INFO ) : admin.syntax.hook.simpleHook: _open called 14.09.23 12:59:29.212 LDAP ( ALL ) : uldap.search filter=(&(|(objectClass=posixGroup)(objectClass=sambaGroupMapping))(gidNumber=5025)) base= scope=sub attr=['dn'] unique=0 required=0 timeout=-1 sizelimit=0 14.09.23 12:59:29.215 LDAP ( ALL ) : uldap.search filter=(&(univentionObjectType=users/user)(!(uidNumber=0))(!(univentionObjectFlag=functional))) base=uid=vschueler2,cn=schueler,cn=users,ou=DEMOSCHOOL,dc=musterschule1,dc=intranet scope=base attr=['entryCSN', 'entryUUID', 'modifyTimestamp', '*', 'pwdAccountLockedTime', 'memberOf'] unique=0 required=0 timeout=-1 sizelimit=0 14.09.23 12:59:29.219 ADMIN ( INFO ) : admin.syntax.hook.simpleHook: _open called 14.09.23 12:59:29.220 LDAP ( ALL ) : uldap.search filter=(&(univentionObjectType=users/user)(!(uidNumber=0))(!(univentionObjectFlag=functional))) base=uid=vschueler1,cn=schueler,cn=users,ou=DEMOSCHOOL,dc=musterschule1,dc=intranet scope=base attr=['entryCSN', 'entryUUID', 'modifyTimestamp', '*', 'pwdAccountLockedTime', 'memberOf'] unique=0 required=0 timeout=-1 sizelimit=0 14.09.23 12:59:29.223 ADMIN ( INFO ) : admin.syntax.hook.simpleHook: _open called 14.09.23 12:59:29.225 LDAP ( ALL ) : uldap.search filter=(&(univentionObjectType=users/user)(!(uidNumber=0))(!(univentionObjectFlag=functional))) base=uid=vschueler2,cn=schueler,cn=users,ou=DEMOSCHOOL,dc=musterschule1,dc=intranet scope=base attr=['entryCSN', 'entryUUID', 'modifyTimestamp', '*', 'pwdAccountLockedTime', 'memberOf'] unique=0 required=0 timeout=-1 sizelimit=0 14.09.23 12:59:29.228 ADMIN ( INFO ) : admin.syntax.hook.simpleHook: _open called 14.09.23 12:59:29.231 LDAP ( ALL ) : uldap.search filter=(&(objectClass=organizationalUnit)(!(objectClass=univentionBase))) base=ou=DEMOSCHOOL,dc=musterschule1,dc=intranet scope=base attr=['entryCSN', 'entryUUID', 'modifyTimestamp', '*'] unique=0 required=0 timeout=-1 sizelimit=0 14.09.23 12:59:29.232 ADMIN ( INFO ) : admin.syntax.hook.simpleHook: _open called 14.09.23 12:59:29.232 ADMIN ( INFO ) : admin.syntax.hook.simpleHook: _open called 14.09.23 12:59:29.237 ADMIN ( ALL ) : admin.hook.schoolAdminGroup: _open called 14.09.23 12:59:29.237 LDAP ( ALL ) : uldap.search filter=(&(objectClass=posixGroup)(uniqueMember=cn=DEMOSCHOOL-workgroup1,cn=schueler,cn=groups,ou=DEMOSCHOOL,dc=musterschule1,dc=intranet)) base= scope=sub attr=['dn'] unique=0 required=0 timeout=-1 sizelimit=0 14.09.23 12:59:29.238 ADMIN ( INFO ) : values are identical: memberOf:[] 14.09.23 12:59:29.238 ADMIN ( INFO ) : values are identical: hosts:[] 14.09.23 12:59:29.238 ADMIN ( INFO ) : values are identical: nestedGroup:[] 14.09.23 12:59:29.238 ADMIN ( INFO ) : groups/group: open(): member check duration: 0.00s 14.09.23 12:59:29.238 ADMIN ( INFO ) : values are identical: ucsschoolRole:['workgroup:school:DEMOSCHOOL'] 14.09.23 12:59:29.238 ADMIN ( INFO ) : values are identical: description: 14.09.23 12:59:29.238 ADMIN ( INFO ) : values are identical: name:DEMOSCHOOL-workgroup1 14.09.23 12:59:29.238 ADMIN ( INFO ) : values are identical: allowedEmailUsers:['uid=vschueler1,cn=schueler,cn=users,ou=DEMOSCHOOL,dc=musterschule1,dc=intranet', 'uid=vschueler2,cn=schueler,cn=users,ou=DEMOSCHOOL,dc=musterschule1,dc=intranet'] 14.09.23 12:59:29.238 ADMIN ( INFO ) : values are identical: allowedEmailGroups:[] 14.09.23 12:59:29.239 ADMIN ( INFO ) : admin.syntax.hook.simpleHook: _ldap_pre_modify called 14.09.23 12:59:29.239 ADMIN ( INFO ) : admin.syntax.hook.simpleHook: _ldap_modlist called 14.09.23 12:59:29.239 ADMIN ( INFO ) : simpleLdap._modify: extended attribute='objectFlag' oc='univentionObject' 14.09.23 12:59:29.239 ADMIN ( INFO ) : simpleLdap._modify: extended attribute='serviceprovidergroup' oc='univentionSAMLEnabledGroup' 14.09.23 12:59:29.239 ADMIN ( INFO ) : simpleLdap._modify: extended attribute='school' oc='ucsschoolAdministratorGroup' 14.09.23 12:59:29.239 ADMIN ( INFO ) : simpleLdap._modify: extended attribute='ucsschoolRole' oc='ucsschoolGroup' 14.09.23 12:59:29.239 ADMIN ( INFO ) : simpleLdap._modify: extended attribute='ucsschoolImportSchool' oc='ucsschoolImportGroup' 14.09.23 12:59:29.239 ADMIN ( INFO ) : simpleLdap._modify: extended attribute='ucsschoolImportRole' oc='ucsschoolImportGroup' 14.09.23 12:59:29.239 LDAP ( ALL ) : mod dn=cn=DEMOSCHOOL-workgroup1,cn=schueler,cn=groups,ou=DEMOSCHOOL,dc=musterschule1,dc=intranet ml=[('mailPrimaryAddress', b'workgroup1@demoschool.example.com', b'')] 14.09.23 12:59:29.239 LDAP ( ALL ) : uldap.modify cn=DEMOSCHOOL-workgroup1,cn=schueler,cn=groups,ou=DEMOSCHOOL,dc=musterschule1,dc=intranet 14.09.23 12:59:29.261 ADMIN ( INFO ) : admin.syntax.hook.simpleHook: _ldap_post_modify called 14.09.23 12:59:29.265 LDAP ( ALL ) : uldap.search filter=(&(cn=*)(|(&(objectClass=univentionGroup))(&(objectClass=sambaGroupMapping)))(cn=DEMOSCHOOL-workgroup1)) base=dc=musterschule1,dc=intranet scope=sub attr=['entryCSN', 'entryUUID', 'modifyTimestamp', '*'] unique=0 required=0 timeout=-1 sizelimit=0 14.09.23 12:59:29.269 ADMIN ( ALL ) : admin.hook.schoolAdminGroup: _open called 14.09.23 12:59:29.269 LDAP ( ALL ) : uldap.search filter=(&(objectClass=posixGroup)(uniqueMember=cn=DEMOSCHOOL-workgroup1,cn=schueler,cn=groups,ou=DEMOSCHOOL,dc=musterschule1,dc=intranet)) base= scope=sub attr=['dn'] unique=0 required=0 timeout=-1 sizelimit=0 14.09.23 12:59:29.270 ADMIN ( INFO ) : groups/group: open(): member check duration: 0.00s 14.09.23 12:59:29.284 LDAP ( ALL ) : establishing new connection with retry_max=11 14.09.23 12:59:29.289 LDAP ( ALL ) : bind binddn=cn=ms1-primary,cn=dc,cn=computers,dc=musterschule1,dc=intranet 14.09.23 12:59:29.316 LDAP ( ALL ) : uldap.search filter=(&(objectClass=univentionShare)) base=cn=DEMOSCHOOL-workgroup1,cn=shares,ou=DEMOSCHOOL,dc=musterschule1,dc=intranet scope=base attr=['entryCSN', 'entryUUID', 'modifyTimestamp', '*'] unique=0 required=0 timeout=-1 sizelimit=0 14.09.23 12:59:29.321 ADMIN ( INFO ) : values are identical: printablename:DEMOSCHOOL-workgroup1 (DEMOSCHOOL.musterschule1.intranet) 14.09.23 12:59:29.322 ADMIN ( INFO ) : values are identical: name:DEMOSCHOOL-workgroup1 14.09.23 12:59:29.322 ADMIN ( INFO ) : values are identical: ucsschoolRole:['workgroup_share:school:DEMOSCHOOL'] 14.09.23 12:59:29.322 ADMIN ( INFO ) : simpleLdap._modify: extended attribute='ucsschoolRole' oc='ucsschoolShare' 14.09.23 12:59:29.323 LDAP ( ALL ) : mod dn=cn=DEMOSCHOOL-workgroup1,cn=shares,ou=DEMOSCHOOL,dc=musterschule1,dc=intranet ml=[] 14.09.23 12:59:29.323 LDAP ( ALL ) : uldap.modify cn=DEMOSCHOOL-workgroup1,cn=shares,ou=DEMOSCHOOL,dc=musterschule1,dc=intranet 14.09.23 12:59:29.323 LDAP ( ALL ) : uldap.search filter=(&(objectClass=univentionShare)) base=cn=DEMOSCHOOL-workgroup1,cn=shares,ou=DEMOSCHOOL,dc=musterschule1,dc=intranet scope=base attr=['entryCSN', 'entryUUID', 'modifyTimestamp', '*'] unique=0 required=0 timeout=-1 sizelimit=0 14.09.23 12:59:29.327 MODULE ( INFO ) : Modified, group has now members: ['uid=vschueler2,cn=schueler,cn=users,ou=DEMOSCHOOL,dc=musterschule1,dc=intranet', 'uid=vschueler1,cn=schueler,cn=users,ou=DEMOSCHOOL,dc=musterschule1,dc=intranet'] 14.09.23 12:59:29.327 MODULE ( ALL ) : Executed handler 14.09.23 12:59:29.398 MODULE ( PROCESS ) : Received request 'schoolgroups/query': ('hugoschooladmin', 'workgroup-admin', None, 'en_US.UTF-8') 14.09.23 12:59:29.400 LDAP ( ALL ) : uldap.search filter=(&(cn=*)(|(&(objectClass=univentionGroup))(&(objectClass=sambaGroupMapping)))(|(cn=DEMOSCHOOL-*)(description=DEMOSCHOOL-*)(mailPrimaryAddress=DEMOSCHOOL-*))) base=cn=schueler,cn=groups,ou=DEMOSCHOOL,dc=musterschule1,dc=intranet scope=sub attr=['entryCSN', 'entryUUID', 'modifyTimestamp', '*'] unique=0 required=0 timeout=-1 sizelimit=0 14.09.23 12:59:29.431 ADMIN ( ALL ) : admin.hook.schoolAdminGroup: _open called 14.09.23 12:59:29.432 LDAP ( ALL ) : uldap.search filter=(&(objectClass=posixGroup)(uniqueMember=cn=DEMOSCHOOL-workgroup1,cn=schueler,cn=groups,ou=DEMOSCHOOL,dc=musterschule1,dc=intranet)) base= scope=sub attr=['dn'] unique=0 required=0 timeout=-1 sizelimit=0 14.09.23 12:59:29.433 ADMIN ( INFO ) : groups/group: open(): member check duration: 0.00s 14.09.23 12:59:29.434 MODULE ( ALL ) : Executed handler
Additional info: If the error occurred and the email address is gone, and then the administrative workgroup is changed again, the “users allowed to send emails to the group” will also disappear.
Customer wrote to us, that he had to repair dozens of groups again by hand. They don't notice when a user is added to a group at a school. I've changed cfprio to 5, because we DON'T have a workaround for the customer!
Seems like it is a frontend bug. On a GET request we receive the email address, but we neither show the email in the frontend, nor send it back via the PUT: GET ```json { "result":[ { "$dn$":"cn=DEMOSCHOOL-example_group,cn=schueler,cn=groups,ou=DEMOSCHOOL,dc=school,dc=test", "objectType":"groups/group", "school":"DEMOSCHOOL", "ucsschool_roles":[ "workgroup:school:DEMOSCHOOL" ], "description":"An example group.", "name":"example_group", "email":"demo@demoschool.example.com", "allowed_email_senders_users":[ ], "allowed_email_senders_groups":[ ], "create_share":true, "create_email":true, "email_exists":true, "members":[ { "id":"uid=demo_teacher,cn=lehrer,cn=users,ou=DEMOSCHOOL,dc=school,dc=test", "label":"Teacher, Demo (demo_teacher)" }, { "id":"uid=demo_student,cn=schueler,cn=users,ou=DEMOSCHOOL,dc=school,dc=test", "label":"Student, Demo (demo_student)" }, { "id":"uid=demo_staff,cn=mitarbeiter,cn=users,ou=DEMOSCHOOL,dc=school,dc=test", "label":"Staff, Demo (demo_staff)" } ] } ], "error":null, "reason":null, "status":200 } ``` PUT ```json { "options":[ { "object":{ "school":"DEMOSCHOOL", "name":"example_group", "description":"An example group.", "members":[ "uid=demo_staff,cn=mitarbeiter,cn=users,ou=DEMOSCHOOL,dc=school,dc=test", "uid=demo_student,cn=schueler,cn=users,ou=DEMOSCHOOL,dc=school,dc=test", "uid=demo_teacher,cn=lehrer,cn=users,ou=DEMOSCHOOL,dc=school,dc=test" ], "create_share":true, "email_exists":true, "create_email":true, "email":"", "allowed_email_senders_users":[ ], "allowed_email_senders_groups":[ ], "$dn$":"cn=DEMOSCHOOL-example_group,cn=schueler,cn=groups,ou=DEMOSCHOOL,dc=school,dc=test" }, "options":null } ], "flavor":"workgroup-admin" } ```
83182c7e8 Bug #56589: advisory d5d7b06f0 Bug #56589: fix "Administrate workgroups" module not showing set emai Successful build Package: ucs-school-umc-groups Version: 10.0.10 Branch: ucs_5.0-0 Scope: ucs-school-5.0 Successful build Package: ucs-test-ucsschool Version: 7.3.151 Branch: ucs_5.0-0 Scope: ucs-school-5.0
Code Review: OK Reproduce problem: OK Changes fix problem: OK
Errata updates for UCS@school 5.0 v4 have been released. https://docs.software-univention.de/ucsschool-changelog/5.0v4/en/changelog.html https://docs.software-univention.de/ucsschool-changelog/5.0v4/de/changelog.html If this error occurs again, please clone this bug.