Bug 35515

Summary: Setting multiple account deactivation attributes at once yields cryptic LDAP error
Product: UCS Reporter: Dirk Wiesenthal <wiesenthal>
Component: UMC - UsersAssignee: UMC maintainers <umc-maintainers>
Status: RESOLVED WORKSFORME QA Contact:
Severity: normal    
Priority: P5 CC: best, gohmann, troeder
Version: UCS 4.2   
Target Milestone: UCS 3.2-x   
Hardware: Other   
OS: Linux   
See Also: https://forge.univention.org/bugzilla/show_bug.cgi?id=42015
https://forge.univention.org/bugzilla/show_bug.cgi?id=45287
What kind of report is it?: Bug Report What type of bug is this?: 3: Simply Wrong: The implementation doesn't match the docu
Who will be affected by this bug?: 2: Will only affect a few installed domains How will those affected feel about the bug?: 2: A Pain – users won’t like this once they notice it
User Pain: 0.069 Enterprise Customer affected?:
School Customer affected?: ISV affected?:
Waiting Support: Flags outvoted (downgraded) after PO Review:
Ticket number: Bug group (optional):
Max CVSS v3 score:

Description Dirk Wiesenthal univentionstaff 2014-07-29 21:10:50 CEST 
Setting "Account deactivation=all, Locked login methods=all, Account expiry date=value" all at once yields

The LDAP object could not be saved: LDAP Error Constraint violation: attribute 'shadowExpire' cannot have multiple values

Strangely, setting it one after another, it works.

Have not tried every combination.
Comment 1 Florian Best univentionstaff 2016-09-09 15:38:27 CEST 
@Daniel: FYI: this was what happened to you.
Comment 2 Daniel Tröder univentionstaff 2016-09-12 08:14:35 CEST 
Yes - good find.

I did:

# udm_obj["userexpiry"]="YYYY-MM-DD"
# udm_obj.modify()
# user.disabled="none"
# user.modify()

Where user is a ucsschool-lib mapped UDM object and udm_obj a normal users/user UDM object.

The last modify probably found a difference between its cached udm instance and the one I changed and tried to set both userexpiry (back to '') and whatever "disabled" does.
Comment 3 Florian Best univentionstaff 2017-08-04 14:36:59 CEST 
Can't reproduce. Next time please add the command line output and the state of the objects.

# udm users/user modify --dn  uid=muestermann5,cn=schueler,cn=users,ou=oldschool,dc=school,dc=local  --set locked=all --set disabled=all --set userexpiry=2017-08-04
Object modified: uid=muestermann5,cn=schueler,cn=users,ou=oldschool,dc=school,dc=local