Bug 57228 - users/ldap cannot be modified using the "LDAP directory UMC module" anymore
Summary: users/ldap cannot be modified using the "LDAP directory UMC module" anymore
Status: CLOSED FIXED
Alias: None
Product: UCS
Classification: Unclassified
Component: UDM (Generic)
Version: UCS 5.0
Hardware: Other Linux
: P5 normal
Target Milestone: UCS 5.0-7-errata
Assignee: Iván.Delgado
QA Contact: Christian Castens
URL: https://git.knut.univention.de/univen...
Keywords:
: 57227 57305 (view as bug list)
Depends on:
Blocks:
 
Reported: 2024-04-19 10:10 CEST by Julia Bremer
Modified: 2024-05-21 15:53 CEST (History)
4 users (show)

See Also:
What kind of report is it?: Bug Report
What type of bug is this?: 3: Simply Wrong: The implementation doesn't match the docu
Who will be affected by this bug?: 1: Will affect a very few installed domains
How will those affected feel about the bug?: 2: A Pain – users won’t like this once they notice it
User Pain: 0.034
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number: 2024041521000078, 2024041521000096
Bug group (optional): Regression
Customer ID:
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Julia Bremer univentionstaff 2024-04-19 10:10:04 CEST 
When we added the guardianInheritedRoles to UDM during Bug #57111 to all users and computer objects.
We added them to users/ldap as well, not realizing, that those users have no group property.
While creation is succesful, when trying to modify the user in the "LDAP directory" UMC module it fails with this traceback:

Internal server error during "udm/get (navigation)".
Request: udm/get (navigation)

Traceback (most recent call last):
  File "%PY3%/univention/management/console/modules/decorators.py", line 259, in _run
    result = self._function(*args, **kwargs)  # type: Union[BaseException, _T]
  File "%PY3%/univention/management/console/modules/udm/__init__.py", line 496, in get
    return self._get(request)
  File "%PY3%/univention/management/console/modules/udm/__init__.py", line 553, in _get
    prop.lazy_load(obj)
  File "%PY3%/univention/admin/__init__.py", line 398, in lazy_load
    getattr(obj, self.lazy_loading_fn)()
  File "%PY3%/univention/admin/guardian_roles.py", line 141, in open_guardian
    self.info['guardianInheritedRoles'] = load_roles(self.lo, self['groups'] + [self['primaryGroup']])
  File "%PY3%/univention/admin/handlers/__init__.py", line 525, in __getitem__
    elif key not in self.__no_default and self.descriptions[key].editable:
KeyError: 'groups'


The guardianInheritedRoles are only fetched when using the UMC. UDM create, modify etc. works as expected. 
We need to remove the guardianInheritedRoles attribute from users/ldap. 
I think they still need guardianRoles though.
Comment 1 Erik Damrose univentionstaff 2024-05-07 14:05:25 CEST 
> When we added the guardianInheritedRoles to UDM during Bug #57111 to all users and computer objects.

Correct bug is 57110
Comment 3 Jan-Luca Kiok univentionstaff 2024-05-13 14:27:07 CEST 
*** Bug 57227 has been marked as a duplicate of this bug. ***
Comment 4 Iván.Delgado univentionstaff 2024-05-14 12:52:50 CEST 
Property guardianInheritedRoles was removed from users/ldap


5.0-7
univention-directory-manager-modules.yaml
6b3e4c98cf4d | Bug #57228: Remove guardian roles properties from users/ldap

univention-directory-manager-modules (15.0.26-10)
6b3e4c98cf4d | Bug #57228: Remove guardian roles properties from users/ldap


5.1-0
univention-directory-manager-modules (16.0.21)
c482dde179a2 | Bug #57228: Remove guardian roles properties from users/ldap


5.2-0
univention-directory-manager-modules (17.0.9)
c0d47daa5697 | Bug #57228: Remove guardian roles properties from users/ldap
Comment 5 Iván.Delgado univentionstaff 2024-05-14 12:57:28 CEST 
Package: univention-directory-manager-modules
Version: 15.0.26-10
Branch: ucs_5.0-0-errata5.0-7
Scope: errata5.0-7


Package: univention-directory-manager-modules
Version: 16.0.21
Branch: ucs_5.1-0
Scope: 


Package: univention-directory-manager-modules
Version: 17.0.9
Branch: ucs_5.2-0
Scope:
Comment 7 Iván.Delgado univentionstaff 2024-05-15 10:45:48 CEST 
5.0-7

ucs-test (10.0.21-43)
a134f930daab | fix(test): fix 77_test_roles remove guardianInheritedRoles from users/ldap

5.1-0

ucs-test (11.0.39)
f7d4f5b8862f | fix(test): fix 77_test_roles remove guardianInheritedRoles from users/ldap

5.2-0

ucs-test (12.0.79)
ede5fe8f42b5 | fix(test): fix 77_test_roles remove guardianInheritedRoles from users/ldap
Comment 8 Christian Castens univentionstaff 2024-05-15 11:36:58 CEST 
QA:
  OK: manual QA - opening/modifying users/ldap object in UMC
  OK: changes were applied to 5.0-7, 5.1-0 and 5.2-0
  OK: jenkins test results
  OK: advisories
Comment 9 Christian Castens univentionstaff 2024-05-15 12:32:13 CEST 
<https://errata.software-univention.de/#/?erratum=5.0x1048>
Comment 10 Jan-Luca Kiok univentionstaff 2024-05-21 15:53:58 CEST 
*** Bug 57305 has been marked as a duplicate of this bug. ***