Univention Bugzilla – Full Text Bug Listing |
Summary: | Adding users to Samba/AD group Print Operators impossible via UMC | ||
---|---|---|---|
Product: | UCS@school | Reporter: | Arvid Requate <requate> |
Component: | Samba 4 | Assignee: | Samba maintainers <samba-maintainers> |
Status: | CLOSED WONTFIX | QA Contact: | |
Severity: | normal | ||
Priority: | P5 | CC: | botner, gohmann, markus.daehlmann, stoeckigt |
Version: | UCS@school 4.1 R2 | ||
Target Milestone: | --- | ||
Hardware: | Other | ||
OS: | Linux | ||
See Also: | https://forge.univention.org/bugzilla/show_bug.cgi?id=42675 | ||
What kind of report is it?: | Bug Report | What type of bug is this?: | 5: Major Usability: Impairs usability in key scenarios |
Who will be affected by this bug?: | 2: Will only affect a few installed domains | How will those affected feel about the bug?: | 2: A Pain – users won’t like this once they notice it |
User Pain: | 0.114 | Enterprise Customer affected?: | |
School Customer affected?: | Yes | ISV affected?: | |
Waiting Support: | Flags outvoted (downgraded) after PO Review: | ||
Ticket number: | 2016081221000519 | Bug group (optional): | |
Max CVSS v3 score: |
Description
Arvid Requate
2016-07-25 14:06:13 CEST
also requested at Ticket#2016081221000519 Note: Printer-Admins is only added to connector/s4/mapping/group/ignorelist by default in UCS@school (ucs-school-metapackage). UCS@school puts those groups on the connector/s4/mapping/group/ignorelist for some reason (Bug 27395). (In reply to Arvid Requate from comment #0) > The Samba/AD group "Print Operators" (SID S-1-5-32-550) has a different name > in UCS/OpenLDAP for historical reasons, where it is called "Printer-Admins". > Since Printer-Admins is in the connector/s4/mapping/group/ignorelist by > default, there is no way for Administrators to add a user to the group > "Print Operators" via UMC. This is not completely true * UCS master + school (no s4) * UCS school slave + school in my case univention-s4-connector postinst has been executed before the ucs-school-slave postinst and as the ucs-school-slave postinst sets the ignore group with ?, this change has been ignored (Not updating connector/s4/mapping/group/ignorelist) So, on the slave the group ignore list is the connector default, on the master the ucsschool default (no s4-connector package in the master yet, what happens if i installed samba4 on the master?). This is all totally confusing, i vote for (at least) removing Printer-Admins from the ignore list. (In reply to Felix Botner from comment #4) > So, on the slave the group ignore list is the connector default, on the > master the ucsschool default (no s4-connector package in the master yet, > what happens if i installed samba4 on the master?). I changed the group ignore list to the univention-s4-connector default on my master and then install univention-s4-connector, no rejects so far. At least this scenario is OK with removing Printer-Admins from the ignore list. This issue has been filled against UCS@school 4.1 (R2). The maintenance with bug and security fixes for UCS@school 4.1 (R2) has ended on 5th of April 2018. Customers still on UCS 4.1 are encouraged to update to UCS 4.3 (or later). Please contact your partner or Univention for any questions. If this issue still occurs in newer UCS versions, please use "Clone this bug" or simply reopen the issue. In this case please provide detailed information on how this issue is affecting you. |