Bug 57394 - Configure synchronization from/to Active Directory based on "allow list"
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: AD Connector
Version: UCS 5.0
Hardware: Other Linux
Importance: P5 normal
Target Milestone: UCS 5.0-8-errata
Assigned To: Christian Castens
Felix Botner
https://git.knut.univention.de/univen...
Reported: 2024-06-18 13:26 CEST by Christian Castens
Modified: 2024-09-05 18:44 CEST
What kind of report is it?: Development Internal
Description Christian Castens univentionstaff 2024-06-18 13:26:23 CEST
As an operator, I want to configure which elements of UCS and Active Directory
(for example: an OU and all elements below the OU) are synchronized based on an
"allow list", so that only those elements which I know today will be synchronized.
Elements which exist now or will be added later and do not match this "allow list"
will not be synced.


Example environments:
- a UCS@school environment wants to sync one or several schools to an AD, but not
  all schools and not schools which will be created in the future

- the state administration of a federal state is organized with several OUs where
  each OU contains users and groups of one department, and one or a few departments
  should be synced with Nubus
Comment 1 Arvid Requate univentionstaff 2024-07-09 19:59:11 CEST
3df6b0ea98 | added tests/55_adconnector/509test_allow_subtree.py
9371e31c7f | fixup! added tests/55_adconnector/509test_allow_subtree.py
e77055e0ce | fixup! added tests/55_adconnector/509test_allow_subtree.py
32e1baf9db | feat(ad-connector): add allowlist feature
84076aec3b | Suggestions from documentation review
f97dfabd05 | Explain more details about allowsubtree
ba0e6ad1c4 | additional test cases

merged & built:

Package: univention-ad-connector
Version: 14.0.19-2
Branch: 5.0-0
Scope: errata5.0-8
Comment 2 Arvid Requate univentionstaff 2024-08-14 16:48:24 CEST
<https://errata.software-univention.de/#/?erratum=5.0x1096>