Univention Bugzilla – Bug 57046
Creating a new policy for a container deletes existing policies
Last modified: 2024-03-07 13:07:34 CET
Created attachment 11194 [details] Screenshot UCS: 5.0-6 errata928 If a new policy is to be created and policies already exist for a container, the policies already assigned are removed and the new one is created. I was able to recreate the following situation repeatedly in the UMC: 1. I switch to a container via the LDAP directory. 2) I switch to policies in the container. 3. in the UCR policies, I already have several assignments and the "Create new policy" button. 4. this way I create a new policy and save it. 5) This takes me back to the container. 6. only the new policy is still assigned there, i.e. the other assignments have been removed without a note. I attached a screenshot to make it easier to understand. The fact that the existing assignments are simply removed on the side is a behavior that I do not expect and, in my view, does not represent the UMC accordingly. My expectation is that the new guidelines will be added.
I copy a command from another bug, because the descriped situation fits to this bug and creates a severity 1 ticket in the support. From Bug 53171 This bug was originally reported for UCS 4.4, but it's still reproducible with UCS 5.0-6. I have added a ticket describing a major incident caused by an accidentally overwritten policy due to this bug. In that case, a policy was overwritten that removed the ppolicy-overlay environment-wide. That policy was connected to the ou=dc,ou=computers,... The behavior occurs not only on the root container but on every ou. The workaround is working but does NOT prevent the situation which can cause serious incidents! A customer cannot expect situations like the described one. The workaround is just helpful afterwards. I also change the flags from this bug, because the pain from this bug is high and have to get more priority please.
UCR policies are multivalue, however this was not represented in the UMC. However multiple UCR policies could be added via the UDM CLI. If there was no UCR policy assigned to an object it was not possible to add a new one via the UMC, since the `max` property of the `PolicyInput` was set to 1. However this would break when there were multiple UCR policies already attached via the UDM CLI. The button to add a new policy is present, however attempting to add a new UCR policy would lead to ONLY that new policy being set and the old ones overwritten. Additionally a frontend test has been created to check the new behavior. univention-management-console-module-udm.yaml 3ad7051dffaa | fix(umc): setting UCR policies in UMC no longer overrides old ones univention-management-console-module-udm (10.0.9-4) 3ad7051dffaa | fix(umc): setting UCR policies in UMC no longer overrides old ones univention-directory-manager-modules.yaml 3ad7051dffaa | fix(umc): setting UCR policies in UMC no longer overrides old ones univention-directory-manager-modules (15.0.25-9) 3ad7051dffaa | fix(umc): setting UCR policies in UMC no longer overrides old ones ucs-test (10.0.20-39) 9f68e10ce6f6 | test(umc): create playwright test for the LDAP directory UMC module
*** Bug 53171 has been marked as a duplicate of this bug. ***
OK: multiple UCR policies can now be referenced to one objects OK: UMC detects the correct polices, saving policies saves the correct ones OK: advisory
<https://errata.software-univention.de/#/?erratum=5.0x991> <https://errata.software-univention.de/#/?erratum=5.0x993>