Bug 34742

Summary: "uid" missing in "attributes"
Product: UCS
Reporter: Philipp Hahn <hahn>
Component: PAM
Assignee: Philipp Hahn <hahn>
Status: CLOSED FIXED
QA Contact: Stefan Gohmann <gohmann>
Severity: normal
Priority: P1
CC: gohmann, jmm, klaeser, requate
Version: UCS 3.2
Target Milestone: UCS 3.2-2-errata
Hardware: Other
OS: Linux
Bug Blocks: 34355    
Attachments: Fix univention-pam/well-known-sid-name-mapping.py

Description Philipp Hahn univentionstaff 2014-05-02 16:46:55 CEST
Created attachment 5891
Fix univention-pam/well-known-sid-name-mapping.py

+++ This bug was initially created as a clone of Bug #34355 +++
(In reply to Stefan Gohmann from comment #6)
> Please have a look at the jenkins tests:
>  jenkins.knut.univention.de:8080/job/UCS 3.2 Autotest MultiEnv/358/testReport/
> 
> For example the following case failed:
>  00_base/95rename_administrator

The listener module "well-known-sid-name-mapping" is buggy: it wrongly assumes that "uid" is unique. This is not and never was true, as "modrdn" can lead to even single-value attributes having multiple values.
The new listener now first does a "modrdn", which keeps the old "uid=Administrator" and adds an additional "uid=$RANDOM". The listener module then assumes that on the "move_to" part the uid already contains only the new uid, but only fetches uid[0]="Administrator" and thus does not trigger the code to set the UCRV users/default/Administrator=uid[1]=$OTHER-UID.

The new listener explicitly does an "m" after that to allow listener modules to catch up on delayed changes, but "uid" is missing from the declared list of "attributes":
> updating 'cn=Administrators,cn=groups,dc=phahn,dc=dev' command m
> handler: well-known-sid-name-mapping (up-to-date)

Comment 1 Philipp Hahn univentionstaff 2014-05-02 22:39:02 CEST
Also "sambaSid" -> "sambaSID" as the listener compares case-aware.
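
Added example, not part of the bug report or of univention-pam: a small Python model of the two defects named in the description and in comment 1, the uid[0] assumption after a modrdn and the attribute list that never matches. The entry layout, the DNs, the SID, the attribute lists and the simplified dispatch rule in `is_triggered` are assumptions constructed for illustration.

```python
# Constructed model, not Univention code. Entries map attribute name -> list of
# bytes values, keyed with the schema spelling (e.g. "sambaSID").

def rdn_value(dn, attr):
    """Value of `attr` in the leftmost RDN. Assumes no escaped ',' or '+' in the DN."""
    for ava in dn.split(",", 1)[0].split("+"):
        key, _, value = ava.partition("=")
        if key.strip().lower() == attr.lower():
            return value.strip()
    return None

def naming_uid(dn, entry):
    """Return the uid that names the entry; never trust uid[0] after a modrdn."""
    values = [v.decode("utf-8") for v in entry.get("uid", [])]
    wanted = rdn_value(dn, "uid")
    for value in values:
        if wanted is not None and value.lower() == wanted.lower():
            return value
    # No uid in the RDN: only an unambiguous single value is safe to use.
    return values[0] if len(values) == 1 else None

def is_triggered(declared, old, new):
    """Simplified dispatch (assumption): run the module only if a declared
    attribute differs. Names are matched case-sensitively, as comment 1 states."""
    return any(old.get(name) != new.get(name) for name in declared)

# Constructed sample: state after the modrdn described above (old uid value kept).
SID = [b"S-1-5-21-1111111111-2222222222-3333333333-500"]  # constructed SID
OLD_DN = "uid=Administrator,cn=users,dc=example,dc=com"
NEW_DN = "uid=admin2,cn=users,dc=example,dc=com"
OLD = {"uid": [b"Administrator"], "sambaSID": SID}
NEW = {"uid": [b"Administrator", b"admin2"], "sambaSID": SID}

# Constructed lists mirroring the two corrections; the module's real list is not on the page.
DECLARED_BEFORE = ["sambaSid"]
DECLARED_AFTER = ["sambaSID", "uid"]

if __name__ == "__main__":
    print("uid[0]     :", NEW["uid"][0].decode())
    print("naming uid :", naming_uid(NEW_DN, NEW))
    print("before fix :", is_triggered(DECLARED_BEFORE, OLD, NEW))
    print("after fix  :", is_triggered(DECLARED_AFTER, OLD, NEW))
```
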

Comment 2 Philipp Hahn univentionstaff 2014-05-03 01:36:32 CEST
r49757 | Bug #34742 PAM: trigger well-known-sid-name-mapping
univention-pam_7.0.4-28.247.201405030135

doc/errata/staging/2014-04-14-univention-pam.yaml
r49760 | Bug #34742 PAM: trigger well-known-sid-name-mapping YAML

Comment 3 Alexander Kläser univentionstaff 2014-05-26 12:56:35 CEST
The YAML file should have "version: [2]", AFAIS.

Comment 4 Philipp Hahn univentionstaff 2014-05-26 15:38:14 CEST
r50687 | Bug #34742 PAM: YAML

Comment 5 Stefan Gohmann univentionstaff 2014-06-30 07:35:00 CEST
Code: OK

Tests: OK

YAML: OK

Comment 6 Moritz Muehlenhoff univentionstaff 2014-07-02 11:28:52 CEST
http://errata.univention.de/ucs/3.2/132.html