Upstream Issue: https://git.knut.univention.de/univention/dev/internal/team-nubus/-/issues/1143 Add the values for it when creating new objects if configured via UCR and the value is not explicitly specified by the client. The UCR variable is disabled by default in UCS. This will be changed in the next UCS point release.
REOPENED: [73_udm-rest.01_openapi_validation.master070](https://univention-dist-jenkins.k8s.knut.univention.de/job/UCS-5.2/job/UCS-5.2-1/job/AutotestUpgrade/lastCompletedBuild/SambaVersion=no-samba,Systemrolle=master/testReport/73_udm-rest/01_openapi_validation/master070/) fails [ 73_udm-rest.tests.test_udm.test_obj_by_dn](https://univention-dist-jenkins.k8s.knut.univention.de/job/UCS-5.2/job/UCS-5.2-1/job/AutotestUpgrade/lastCompletedBuild/SambaVersion=no-samba,Systemrolle=master/testReport/73_udm-rest.tests/test_udm/test_obj_by_dn/) fails
The original issue description lacks information, so here an overview: All UDM modules should be extended to include the "univentionObjectIdentifier" property (which is already available for users/user and groups/group) in a generic fashion in UDM. * no module specific code must be changed (because then we would need to adjust third party modules as well) * the property is mapped to the LDAP attribute univentionObjectIdentifier. a nicer property name would have been "uuid" or "object-identifier" but that's already released for users/user. * the value of the property is a UUID4. Syntax validation for it should be added. * the default value of the property is empty * Via the UCR variable "directory/manager/object-identifier/autogeneration" during object creation a truly ransom value can be auto-generated * The value is unique and uniqueness is checked by UDM * For a LDAP uniqueness check we need to add another LDAP overlay with a constraint in another bug * The OpenAPI schema definition for the property has the string format "uuid". In the possible future the value will always be autogenerated and existing domains need to be migrated to add the property to all existing objects. Why don't we just use the entryUUID for it and set it with the relaxed control? * the entryUUID is not unique in the whole domain and differs on the replicated systems.
(In reply to Florian Best from comment #1) > REOPENED: > > [73_udm-rest.01_openapi_validation.master070](https://univention-dist- > jenkins.k8s.knut.univention.de/job/UCS-5.2/job/UCS-5.2-1/job/AutotestUpgrade/ > lastCompletedBuild/SambaVersion=no-samba,Systemrolle=master/testReport/ > 73_udm-rest/01_openapi_validation/master070/) fails > [ > 73_udm-rest.tests.test_udm.test_obj_by_dn](https://univention-dist-jenkins. > k8s.knut.univention.de/job/UCS-5.2/job/UCS-5.2-1/job/AutotestUpgrade/ > lastCompletedBuild/SambaVersion=no-samba,Systemrolle=master/testReport/ > 73_udm-rest.tests/test_udm/test_obj_by_dn/) fails The openapi.json changed were optional and have been reverted: univention-directory-manager-rest (12.1.2) cf2dece11728 | revert(udm-rest): Revert openapi.json generation improvement because of test failures
OK: all modules have been extended to include univentionObjectIdentifier OK: advisory OK: tests
OK: univentionObjectIdentifier is exposed in the UDM REST API OK: via UMC no modification and displaying is possible
Can't be verified properly: 0db81beb919 commited a new version of univention-directory-manager-modules at Tue May 13 13:43:05 2025 +0200 The package has been built 2025-05-13 14:21 Advisory contains old version Fixed for you with d61d7380c4c | Advisory update
<https://errata.software-univention.de/#/?erratum=5.2x90>