Univention Bugzilla – Full Text Bug Listing |
Summary: | It's not possible to search for GID number | ||
---|---|---|---|
Product: | UCS | Reporter: | Moritz Muehlenhoff <jmm> |
Component: | UMC - Groups | Assignee: | Florian Best <best> |
Status: | CLOSED FIXED | QA Contact: | Jürn Brodersen <brodersen> |
Severity: | normal | ||
Priority: | P5 | CC: | best, gohmann, klaeser, wiesenthal |
Version: | UCS 4.0 | ||
Target Milestone: | UCS 4.1-1-errata | ||
Hardware: | Other | ||
OS: | Linux | ||
See Also: |
https://forge.univention.org/bugzilla/show_bug.cgi?id=30533 https://forge.univention.org/bugzilla/show_bug.cgi?id=40740 |
||
What kind of report is it?: | --- | What type of bug is this?: | --- |
Who will be affected by this bug?: | --- | How will those affected feel about the bug?: | --- |
User Pain: | Enterprise Customer affected?: | ||
School Customer affected?: | ISV affected?: | ||
Waiting Support: | Flags outvoted (downgraded) after PO Review: | ||
Ticket number: | Bug group (optional): | External feedback, Usability | |
Max CVSS v3 score: | |||
Bug Depends on: | |||
Bug Blocks: | 42181, 42387, 42388 |
Description
Moritz Muehlenhoff
2015-03-02 07:44:21 CET
univention-ldapsearch 'gidNumber=5001' → works univention-ldapsearch 'gidNumber=*5001* → does not work UMC puts every search value into '*' for each search string automatically. (In reply to Florian Best from comment #1) > univention-ldapsearch 'gidNumber=5001' → works > univention-ldapsearch 'gidNumber=*5001* → does not work > > UMC puts every search value into '*' for each search string automatically. It would be thus good to only search for '*...*' for specific attributes. Or could we defer it from the syntax type? The user's gidNumber is univention.admin.syntax.integer. (In reply to Alexander Kläser from comment #2) > > univention-ldapsearch 'gidNumber=5001' → works > > univention-ldapsearch 'gidNumber=*5001* → does not work > It would be thus good to only search for '*...*' for specific attributes. Or > could we defer it from the syntax type? The user's gidNumber is > univention.admin.syntax.integer. Another idea would be to construct the search filter like this: '(|(gidNumber=5001)(gidNumber=*5001*)' (In reply to Florian Best from comment #3) > Another idea would be to construct the search filter like this: > '(|(gidNumber=5001)(gidNumber=*5001*)' Ahh... nice idea :) . This could indeed help! *** Bug 30190 has been marked as a duplicate of this bug. *** Bug #30533 suggests to allow quoted strings like "test" to not make a substring query. Ofc. this is not usable for the GID but could also be adjusted. Whether *5001* finds 5001 or not is defined in the underlying LDAP schema. When known, it is possible to do a "smart search". EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch finds it EQUALITY integerMatch does not. It may be difficult to read the schema (cn=schema or cn=config or something like that). I do not know whether we would need to adjust ACLs. Although slapd.conf should include all of the definitions, too. And UMC-UDM is installed on DC Master / DC Backup only. (In fact, I think it is cn=config XOR slapd.conf and we use the latter) Adapted filter to search for: '(|(gidNumber=5001)(gidNumber=*5001*)' Another candidate is e.g. DHCP-Pool: Failover Peer. You can find a lot more in: rgrep caseIgnoreIA5Match /usr/share/univention-ldap/schema univention-management-console-module-udm (6.0.11-8): r67918 | Bug #37904: fix searching for caseIgnoreIA5Match values univention-management-console-module-udm.yaml: r67919 | YAML Bug #37904 Die Ausführung des Kommandos udm/query groups/group ist fehlgeschlagen: Traceback (most recent call last): File "/usr/lib/pymodules/python2.7/notifier/threads.py", line 82, in _run tmp = self._function() File "/usr/lib/pymodules/python2.7/notifier/__init__.py", line 104, in __call__ return self._function( *tmp, **self._kwargs ) File "/usr/lib/pymodules/python2.7/univention/management/console/modules/udm/__init__.py", line 536, in _thread result = module.search(container, objectProperty, objectPropertyValue, superordinate, scope=scope, hidden=hidden) File "/usr/lib/pymodules/python2.7/univention/management/console/modules/udm/udm_ldap.py", line 86, in _decorated return method(*args, **kwargs) File "/usr/lib/pymodules/python2.7/univention/management/console/ldap.py", line 135, in _decorated result = func(*args, **kwargs) File "/usr/lib/pymodules/python2.7/univention/management/console/modules/udm/udm_ldap.py", line 471, in search result = self.module.lookup(None, ldap_connection, filter_s, base=container, superordinate=superordinate, scope=scope, sizelimit=sizelimit) File "/usr/lib/pymodules/python2.7/univention/admin/handlers/groups/group.py", line 1098, in lookup for dn, attrs in lo.search(unicode(filter), base, scope, [], unique, required, timeout, sizelimit): File "/usr/lib/pymodules/python2.7/univention/admin/uldap.py", line 359, in search raise univention.admin.uexceptions.ldapError('%s: %s' % (_err2str(msg), filter)) ldapError: Bad search filter: (&(cn=*)(|(&(objectClass=univentionGroup))(&(objectClass=sambaGroupMapping)))(&(!(univentionObjectFlag=hidden))(|(sambaRID=*)(=)))) How to reproduce: - Open the "Groups" module in the UMC - Select "Advanced Options" and the property "Relative ID" - Search for '*' without the quotes r68039 | Bug #37904: fix Bad search filter exception if searching for '*' Changes: OK, search is working as expected. YAML: OK. (Updated version r68041) → VERIFIED *** Bug 29711 has been marked as a duplicate of this bug. *** |