Bug 57110 - add guardian role attributes to UDM
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: UDM (Generic)
UCS 5.0
Other Linux
Importance: P5 normal
Target Milestone: UCS 5.0-7-errata
Assigned To: Julia Bremer
Depends on:
Blocks:
Reported: 2024-03-05 12:52 CET by Felix Botner
Modified: 2024-04-03 13:10 CEST (History)
What kind of report is it?: Development Internal
Description Felix Botner univentionstaff 2024-03-05 12:52:45 CET
Add guardian role attributes to LDAP schema.
Comment 1 Julia Bremer univentionstaff 2024-03-18 18:59:37 CET
Package: univention-ldap
Version: 16.0.15-2
Branch: ucs_5.0-0
Scope: errata5.0-7

Package: univention-management-console-module-udm
Version: 10.0.10-2
Branch: ucs_5.0-0
Scope: errata5.0-7

Package: univention-directory-manager-rest
Version: 10.0.8-4
Branch: ucs_5.0-0
Scope: errata5.0-7


Package: univention-directory-manager-modules
Version: 15.0.26-4
Branch: ucs_5.0-0
Scope: errata5.0-7


8d9726b52d Bug #57110: Advisory
e936a71e95 Bug #57110: README for guardian team
0e9dd78d2a Bug #57110: Show inherited roles in UMC
15801f842d Bug #57110: Add tests for guardianRoles
cc1069ab84 feat(udm-rest): allow to query expensive properties
d2148659ba Bug #57110: Load guardianInheritedRoles
746a09fec8 Bug #57110: Add LDAP ACLs
8518100b06 Bug #57110: added LDAP schema
2bf6576433 Bug #57110: Add guardianInheritedRole

We added the option to UDM to specify lazy loading properties which are only fetched if they are explicitly requested.
UDM and UDM REST API have been adjusted so that properties can be passed to them, so that only those are fetched.
UDM CLI has a --properties flag to pass those properties.

The properties guardianRoles, guardianMemberRoles and guardianInheritedRoles have been added for the guardian app.
GuardianInheritedRoles is only fetched if explicitly requested.

GuardianInheritedRoles is calculated from guardianMemberRoles, which is set on a group. This is calculated on the fly.
GuardianRoles directly affects the object it is set on.
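As an added illustration (not UDM's own code from this bug) of the behaviour described above: guardianInheritedRoles is derived on the fly from the guardianMemberRoles of the groups an entry belongs to, and it is only computed when that property is explicitly requested. The sample directory, the nested-group traversal and the `load` helper are constructed assumptions for the example.

```python
from typing import Dict, List, Optional, Set

# Constructed sample directory (not real LDAP data). Users carry guardianRoles
# directly; groups carry guardianMemberRoles that apply to their members.
# "memberOf" lists containing groups; group nesting is an assumption here.
USERS: Dict[str, dict] = {
    "uid=alice,cn=users,dc=example,dc=com": {
        "guardianRoles": ["demo:ns:editor"],
        "memberOf": ["cn=teachers,cn=groups,dc=example,dc=com"],
    },
}
GROUPS: Dict[str, dict] = {
    "cn=teachers,cn=groups,dc=example,dc=com": {
        "guardianMemberRoles": ["demo:ns:teacher"],
        "memberOf": ["cn=staff,cn=groups,dc=example,dc=com"],
    },
    "cn=staff,cn=groups,dc=example,dc=com": {
        "guardianMemberRoles": ["demo:ns:staff"],
        # cyclic membership: the traversal must not loop forever
        "memberOf": ["cn=teachers,cn=groups,dc=example,dc=com"],
    },
}


def inherited_roles(dn: str, users: Dict[str, dict], groups: Dict[str, dict]) -> List[str]:
    """Collect guardianMemberRoles of every (transitively) containing group."""
    seen: Set[str] = set()
    roles: Set[str] = set()
    stack = list(users[dn].get("memberOf", []))
    while stack:
        group_dn = stack.pop()
        if group_dn in seen:  # cycle or diamond: visit each group only once
            continue
        seen.add(group_dn)
        group = groups.get(group_dn, {})
        roles.update(group.get("guardianMemberRoles", []))
        stack.extend(group.get("memberOf", []))
    return sorted(roles)


def load(dn: str, properties: Optional[List[str]] = None) -> dict:
    """Return a user's properties; the expensive guardianInheritedRoles is
    computed only when it is explicitly named in `properties`."""
    obj = {"guardianRoles": list(USERS[dn]["guardianRoles"])}
    if properties and "guardianInheritedRoles" in properties:
        obj["guardianInheritedRoles"] = inherited_roles(dn, USERS, GROUPS)
    return obj
```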
Comment 3 Daniel Tröder univentionstaff 2024-03-19 09:25:16 CET
Please see comments on commit https://git.knut.univention.de/univention/ucs/-/commit/d2148659ba9d3d6bfd925bec5b33bdaa2c48b073
Comment 4 Felix Botner univentionstaff 2024-03-19 12:32:20 CET
790c97289517be97b0f60e84d1cfa580858d183a: itertools
cb61b59d2c775d204ed77e876ab8613cd76e1dea: advisory
dc3388fd67f7e8635d8fd5d3614e39e02be0c2c8: remove unused get_nested_groups
6fea43ccc12b54e0080b00ea5bed0ef781c3e7cb: fix cache

Package: univention-directory-manager-modules
Version: 15.0.26-6
Branch: ucs_5.0-0
Scope: errata5.0-7
Comment 5 Felix Botner univentionstaff 2024-03-19 21:48:16 CET
Package: univention-directory-manager-modules
Version: 15.0.26-7
Branch: ucs_5.0-0
Scope: errata5.0-7

aa43cef3e99cfcc111914ef00338ae5e902214a8: fix itertools
Comment 6 Arvid Requate univentionstaff 2024-03-25 10:40:40 CET
Verified:
* Code check in 5.0-7, 5.1-0, 5.2-0
* Package update (5.0-7, 5.2-0)
* Functional test
* Test-case
* Advisories
** univention-directory-manager-modules
** univention-directory-manager-rest
** univention-ldap
** univention-management-console-module-udm

Minor adjustment:
8b51fb38fa | Advisory wording
Comment 7 Felix Botner univentionstaff 2024-03-26 17:21:20 CET
We have one problem with the ACLs on the replica.

If we install the update on a replica first, slapd refuses to start and complains about "/etc/ldap/slapd.conf: line 231: unknown attr "univentionGuardianRoles" in to clause 6602d5d5 <access c" and refuses to start.
Comment 8 Julia Bremer univentionstaff 2024-03-28 15:09:30 CET
We now register the LDAP ACL on the primary only.
So only if the primary was updated, the ACL and the schema are registered in the domain, which circumvents the error on upgrade.