Bug 43195

Summary: UMC tries to delete child objects on objects known to never have child objects
Product: UCS Reporter: Ingo Sieverdingbeck <sieverdingbeck>
Component: UMC (Generic)Assignee: Florian Best <best>
Status: CLOSED FIXED QA Contact: Erik Damrose <damrose>
Severity: normal    
Priority: P5 CC: best, damrose, gohmann, steuwer
Version: UCS 3.2Flags: best: Patch_Available+
Target Milestone: UCS 3.3-1-errata   
Hardware: Other   
OS: Linux   
What kind of report is it?: Bug Report What type of bug is this?: 5: Major Usability: Impairs usability in key scenarios
Who will be affected by this bug?: 1: Will affect a very few installed domains How will those affected feel about the bug?: 2: A Pain – users won’t like this once they notice it
User Pain: 0.057 Enterprise Customer affected?: Yes
School Customer affected?: ISV affected?:
Waiting Support: Flags outvoted (downgraded) after PO Review:
Ticket number: Bug group (optional): Large environments
Max CVSS v3 score:
Bug Depends on:    
Bug Blocks: 43236    
Attachments: patch

Description Ingo Sieverdingbeck univentionstaff 2016-12-16 10:57:53 CET 
Due to https://forge.univention.org/bugzilla/show_bug.cgi?id=23835 the UMC tries to do a recursive delete always and thus also on objects that are known to never have child objects.

In large environments with configured size.unchecked limits the search for child objects might exceed the unchecked limit and the delete operation using the UMC will fail in this case.
Comment 1 Florian Best univentionstaff 2016-12-20 18:32:52 CET 
Created attachment 8315 [details]
patch

It's only possible to workaround the admin size limit for objects which doesn't have children.

There is no way to fix this for objects which have subordinates and where the admin size limit blocks.
I tested even paginated ldap search calls.

The admin size limit is btw. not effective for cn=admin or the host-DN, so using UDM-CLI always works.

As in the customer project these objects never have subordinates I think this patch is good enough.

What should the Target Milestone be? UCS 3.2-errata?
Comment 2 Stefan Gohmann univentionstaff 2016-12-20 22:05:46 CET 
(In reply to Florian Best from comment #1)
> What should the Target Milestone be? UCS 3.2-errata?

I guess it would be helpful to fix it as UCS 4.1-4 erratum and as UCS 3.3-1 erratum.
Comment 3 Florian Best univentionstaff 2016-12-21 12:41:50 CET 
OK.
univention-directory-manager-modules (9.0.76-145):
r75464 | Bug #43195: don't search for children of objects which doesn't have subordinates to prevent administrative limits

univention-directory-manager-modules.yaml:
r75466 | YAML Bug #43195

Package: univention-directory-manager-modules
Version: 9.0.76-145~ucs3.3.1446.201612211235
Branch: ucs_3.3-0
Scope: errata3.3-1
Comment 4 Felix Botner univentionstaff 2017-01-10 13:09:50 CET 
OK - handlers/__init__._remove() removes children only if object hasSubordinates
OK - YAML
Comment 5 Erik Damrose univentionstaff 2017-02-08 15:03:19 CET 
Reopen: While trying to announce this as an errata, the package version was missing. repo_stat does not have the version, and no package is in our buildsystems apt directory, despite there beeing a mail with reports the successful build. Maybe something went wrong when the bugfix was ported to ucs 3.2 extsec (bug 43236)

Please check that no further source code changes have occured and reimport and rebuild the package.
Comment 6 Florian Best univentionstaff 2017-02-09 10:28:49 CET 
univention-directory-manager-modules (9.0.76-146):
r76579 | Bug #43195: version bump

univention-directory-manager-modules.yaml:
r76580 | YAML Bug #43195
Comment 7 Erik Damrose univentionstaff 2017-02-09 15:18:51 CET 
OK: Version bump + rebuild
OK: yaml
Verified
Comment 8 Janek Walkenhorst univentionstaff 2017-02-09 16:01:51 CET 
<http://errata.software-univention.de/ucs/3.3/29.html>