Bug 35521

Summary: UDM group name syntax too strict for standard french AD group names
Product: UCS Reporter: Arvid Requate <requate>
Component: UMC - GroupsAssignee: Stefan Gohmann <gohmann>
Status: CLOSED FIXED QA Contact: Felix Botner <botner>
Severity: normal    
Priority: P5 CC: gohmann, walkenhorst
Version: UCS 3.2   
Target Milestone: UCS 3.2-3-errata   
Hardware: Other   
OS: Linux   
What kind of report is it?: --- What type of bug is this?: ---
Who will be affected by this bug?: --- How will those affected feel about the bug?: ---
User Pain: Enterprise Customer affected?:
School Customer affected?: ISV affected?:
Waiting Support: Flags outvoted (downgraded) after PO Review:
Ticket number: Bug group (optional):
Max CVSS v3 score:
Attachments: test_group_syntax.py

Description Arvid Requate univentionstaff 2014-07-30 13:10:51 CEST 
The current UDM syntax for group names is too strict e.g. for french AD group names. In the AD-Connector log I see the following traceback:

InvalidSyntax: Name: Value may not contain other than numbers
, letters and dots! (cn=Contrôleurs de domaine d’entreprise en lecture seule,cn=users,dc=w2k12,dc=test)

As a workaround one can ucr set

 directory/manager/web/modules/groups/group/properties/name/syntax=string

and restart the AD Connector. But maybe it would be better to adjust the univention.admin.syntax.gid to allow more chracters (like we have done for the username).
Comment 1 Arvid Requate univentionstaff 2014-07-30 13:22:10 CEST 
Created attachment 6029 [details]
test_group_syntax.py

Example script.
Comment 2 Stefan Gohmann univentionstaff 2014-09-02 11:37:49 CEST 
*** Bug 35479 has been marked as a duplicate of this bug. ***
Comment 3 Stefan Gohmann univentionstaff 2014-09-02 13:44:42 CEST 
The UDM group name syntax has been adapted:

UCS 3.2-3: r53238 + r53240
UCS 4.0: r53239 + r53241
YAML: r53242
Comment 4 Felix Botner univentionstaff 2014-09-03 11:24:10 CEST 
OK - AD takeover with a french AD works just fine 

-> udm groups/group list | grep DN
DN: cn=Utilisateurs du modèle COM distribué,cn=Builtin,dc=w2k12,dc=test
DN: cn=Contrôleurs de domaine,cn=groups,dc=w2k12,dc=test
DN: cn=Contrôleurs de domaine en lecture seule,cn=groups,dc=w2k12,dc=test
DN: cn=Invités,cn=Builtin,dc=w2k12,dc=test
DN: cn=Duplicateurs,cn=Builtin,dc=w2k12,dc=test
DN: cn=Ordinateurs du domaine,cn=groups,dc=w2k12,dc=test
DN: cn=Lecteurs des journaux d’événements,cn=Builtin,dc=w2k12,dc=test
DN: cn=Groupe d’accès d’autorisation Windows,cn=Builtin,dc=w2k12,dc=test
DN: cn=Serveurs de licences des services Terminal Server,cn=Builtin,dc=w2k12,dc=test
DN: cn=Opérateurs de sauvegarde,cn=Builtin,dc=w2k12,dc=test
DN: cn=Générateurs d’approbations de forêt entrante,cn=Builtin,dc=w2k12,dc=test
DN: cn=Éditeurs de certificats,cn=groups,dc=w2k12,dc=test
DN: cn=Serveurs RAS et IAS,cn=groups,dc=w2k12,dc=test
DN: cn=IIS_IUSRS,cn=Builtin,dc=w2k12,dc=test
DN: cn=Accès DCOM service de certificats,cn=Builtin,dc=w2k12,dc=test
DN: cn=Utilisateurs,cn=Builtin,dc=w2k12,dc=test
DN: cn=DnsUpdateProxy,cn=groups,dc=w2k12,dc=test
  description: DNS clients who are permitted to perform dynamic updates on behalf of some other clients (such as DHCP servers).
DN: cn=Utilisateurs de gestion à distance,cn=Builtin,dc=w2k12,dc=test
DN: cn=Contrôleurs de domaine clonables,cn=users,dc=w2k12,dc=test
DN: cn=Serveurs Accès Distant RDS,cn=Builtin,dc=w2k12,dc=test
DN: cn=Serveurs RDS Endpoint,cn=Builtin,dc=w2k12,dc=test
DN: cn=Serveurs Gestion RDS,cn=Builtin,dc=w2k12,dc=test
DN: cn=WinRMRemoteWMIUsers__,cn=users,dc=w2k12,dc=test
DN: cn=testgroup,cn=users,dc=w2k12,dc=test
DN: cn=Administrateurs Hyper-V,cn=Builtin,dc=w2k12,dc=test

OK - UCS 4.0-0
OK - YAML
Comment 5 Janek Walkenhorst univentionstaff 2014-09-10 17:40:11 CEST 
http://errata.univention.de/ucs/3.2/197.html