Bug 34432
| Summary: | Bracket in name of container leads to minor issues in subentries | ||
|---|---|---|---|
| Product: | UCS | Reporter: | Dirk Wiesenthal <wiesenthal> |
| Component: | UMC - Domain management (Generic) | Assignee: | UMC maintainers <umc-maintainers> |
| Status: | RESOLVED DUPLICATE | QA Contact: | |
| Severity: | normal | ||
| Priority: | P5 | CC: | best, gohmann, klaeser |
| Version: | UCS 3.2 | ||
| Target Milestone: | UCS 3.x | ||
| Hardware: | Other | ||
| OS: | Linux | ||
| What kind of report is it?: | --- | What type of bug is this?: | --- |
| Who will be affected by this bug?: | --- | How will those affected feel about the bug?: | --- |
| User Pain: | Enterprise Customer affected?: | ||
| School Customer affected?: | ISV affected?: | ||
| Waiting Support: | Flags outvoted (downgraded) after PO Review: | ||
| Ticket number: | Bug group (optional): | ||
| Max CVSS v3 score: | |||
Just found out that you can name your container like so: "foo\, bar" Renaming to "foobar" will not work. In fact, new containers are created, but this one will still exist and items in this container will not be moved. (This is due to the way the renaming is implemented: Creating a new container, moving all items there and then deleting self) Renaming to "foo, bar" will even raise a KeyError. Users below this container will have issues with assigned groups (appear as members in the group but not as group in self). (In reply to Dirk Wiesenthal from comment #1) > Just found out that you can name your container like so: > > "foo\, bar" > … Hm, AFAIS this should break the handling in the code which performs a dn.split(",")… even the lib function univention.uldap.explodeDn() does a simple split at ",". The UCS@School lib also does manual splits at ','. This meanwhile works. I retested: User creation/modification/renaming/removal/moving to sub-container in Container "foo (bar) baz". Renaming that container into "foo , bar (baz)". (In reply to Alexander Kläser from comment #2) > Hm, AFAIS this should break the handling in the code which performs a > dn.split(",")… even the lib function univention.uldap.explodeDn() does a > simple split at ",". I fixed both in an UCS 4.1 erratum. (In reply to Florian Best from comment #3) > The UCS@School lib also does manual splits at ','. I fixed this, too. *** This bug has been marked as a duplicate of bug 40129 *** |
Deleting a user in a container with brackets actually deletes the user but the frontend shows: Die/das folgende(n) Objekt(e) konnte(n) nicht gelöscht werden: uid=baz,cn=foo (bar),$ldap_base: LDAP-Fehler Bad search filter (No Traceback!) Brackets in the container name may or may not have more severe consequences than this one. I have not found any, still I think the name should be more restricted or (even better) when searching, the filter should be escaped (I haven't looked up which search filter is bad, probably something in users/user.py)