Univention Bugzilla – Bug 57110
add guardian role attributes to UDM
Last modified: 2024-04-03 13:10:56 CEST
Add guardian role attributes to LDAP schema.
Package: univention-ldap
Version: 16.0.15-2
Branch: ucs_5.0-0
Scope: errata5.0-7

Package: univention-management-console-module-udm
Version: 10.0.10-2
Branch: ucs_5.0-0
Scope: errata5.0-7

Package: univention-directory-manager-rest
Version: 10.0.8-4
Branch: ucs_5.0-0
Scope: errata5.0-7

Package: univention-directory-manager-modules
Version: 15.0.26-4
Branch: ucs_5.0-0
Scope: errata5.0-7

8d9726b52d Bug #57110: Advisory
e936a71e95 Bug #57110: README for guardian team
0e9dd78d2a Bug #57110: Show inherited roles in UMC
15801f842d Bug #57110: Add tests for guardianRoles
cc1069ab84 feat(udm-rest): allow to query expensive properties
d2148659ba Bug #57110: Load guardianInheritedRoles
746a09fec8 Bug #57110: Add LDAP ACLs
8518100b06 Bug #57110: added LDAP schema
2bf6576433 Bug #57110: Add guardianInheritedRole

We added the option to UDM to specify lazy loading properties which are only fetched if they are explicitly requested. UDM and UDM REST API have been adjusted so that properties can be passed to them, so that only those are fetched. UDM CLI has a --properties flag to pass those properties.

The properties guardianRoles, guardianMemberRoles and guardianInheritedRoles have been added for the guardian app. GuardianInheritedRoles is only fetched if explicitly requested. GuardianInheritedRoles is calculated from guardianMemberRoles, which is set on a group. This is calculated on the fly. GuardianRoles directly affects the object it is set on.
Please see comments on commit https://git.knut.univention.de/univention/ucs/-/commit/d2148659ba9d3d6bfd925bec5b33bdaa2c48b073
790c97289517be97b0f60e84d1cfa580858d183a: itertools
cb61b59d2c775d204ed77e876ab8613cd76e1dea: advisory
dc3388fd67f7e8635d8fd5d3614e39e02be0c2c8: remove unused get_nested_groups
6fea43ccc12b54e0080b00ea5bed0ef781c3e7cb: fix cache

Package: univention-directory-manager-modules
Version: 15.0.26-6
Branch: ucs_5.0-0
Scope: errata5.0-7
Package: univention-directory-manager-modules
Version: 15.0.26-7
Branch: ucs_5.0-0
Scope: errata5.0-7

aa43cef3e99cfcc111914ef00338ae5e902214a8: fix itertools
Verified:
* Code check in 5.0-7, 5.1-0, 5.2-0
* Package update (5.0-7, 5.2-0)
* Functional test
* Test-case
* Advisories
** univention-directory-manager-modules
** univention-directory-manager-rest
** univention-ldap
** univention-management-console-module-udm

Minor adjustment:
8b51fb38fa | Advisory wording
We have one problem with the ACLs on the replica. If we install the update on a replica first, slapd refuses to start and complains about "/etc/ldap/slapd.conf: line 231: unknown attr "univentionGuardianRoles" in to clause 6602d5d5 <access c" and refuses to start.
We now register the LDAP ACL on the primary only. So only if the primary was updated, the ACL and the schema are registered in the domain, which circumvents the error on upgrade.
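The failure described in the two comments above (an ACL whose attrs= clause names an attribute the loaded schema does not yet define) can be caught before slapd is restarted. The following is an added example, not code from this bug or from Univention; the function names, the sample schema and slapd.conf fragments, and the OID given to univentionGuardianRoles are assumptions constructed for illustration.

```python
import re

# Constructed inputs, not copied from a UCS system; the univentionGuardianRoles OID is a placeholder.
SCHEMA_BEFORE = """\
attributetype ( 2.5.4.35 NAME 'userPassword'
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
"""
SCHEMA_AFTER = SCHEMA_BEFORE + """\
attributetype ( 1.3.6.1.4.1.99999.1 NAME 'univentionGuardianRoles'
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
"""
CONF = """\
# constructed slapd.conf fragment
access to attrs=userPassword
    by self write
    by * auth
access to attrs=univentionGuardianRoles,entry
    by * read
"""
PSEUDO_ATTRS = {"entry", "children"}  # accepted in attrs= without a schema definition

def logical_lines(text):
    """Yield (first_line_no, joined_text); indented lines continue the previous line."""
    start, buf = 0, []
    for no, raw in enumerate(text.splitlines(), 1):
        if raw[:1] in (" ", "\t") and buf:
            buf.append(raw.strip())
            continue
        if buf:
            yield start, " ".join(buf)
        start, buf = no, ([raw.strip()] if raw.strip() and not raw.startswith("#") else [])
    if buf:
        yield start, " ".join(buf)

def schema_attrs(schema_text):
    """Collect lower-cased names of every attributetype definition."""
    names = set()
    for _, line in logical_lines(schema_text):
        m = re.search(r"NAME\s+(?:'([^']+)'|\(([^)]*)\))", line)
        if m and line.lower().startswith("attributetype"):
            names.update(n.lower() for n in re.findall(r"[\w;-]+", m.group(1) or m.group(2)))
    return names

def undefined_acl_attrs(conf_text, known):
    """Return (line_no, attr) for each ACL attribute missing from the schema."""
    missing = []
    for no, line in logical_lines(conf_text):
        m = re.search(r"\battrs?=(\S+)", line) if line.lower().startswith("access ") else None
        for item in (m.group(1).split(",") if m else []):
            name = item.split(";")[0].lower()  # drop attribute options such as ;binary
            if item[:1] in "@!" or name in PSEUDO_ATTRS:  # objectClass shorthands, pseudo-attrs
                continue
            if name not in known:
                missing.append((no, item))
    return missing
```

Against the schema without the new attribute the check reports the ACL on line 5 of the sample; once the schema defines it, the list is empty.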
<https://errata.software-univention.de/#/?erratum=5.0x1015>
<https://errata.software-univention.de/#/?erratum=5.0x1016>
<https://errata.software-univention.de/#/?erratum=5.0x1017>
<https://errata.software-univention.de/#/?erratum=5.0x1018>