Univention Bugzilla – Full Text Bug Listing |
Summary: | Object class violation: invalid structural object class chain (univentionUserTemplate/inetOrgPerson) | ||
---|---|---|---|
Product: | UCS | Reporter: | Florian Best <best> |
Component: | UDM - Extended Attributes | Assignee: | Felix Botner <botner> |
Status: | CLOSED FIXED | QA Contact: | Florian Best <best> |
Severity: | normal | ||
Priority: | P5 | CC: | botner, castens, gulden, scheinig, steuwer, stoeckigt |
Version: | UCS 4.4 | Flags: | best:
Patch_Available+
|
Target Milestone: | UCS 4.4-6-errata | ||
Hardware: | Other | ||
OS: | Linux | ||
See Also: | https://forge.univention.org/bugzilla/show_bug.cgi?id=35775 | ||
What kind of report is it?: | Bug Report | What type of bug is this?: | 3: Simply Wrong: The implementation doesn't match the docu |
Who will be affected by this bug?: | 1: Will affect a very few installed domains | How will those affected feel about the bug?: | 2: A Pain – users won’t like this once they notice it |
User Pain: | 0.034 | Enterprise Customer affected?: | Yes |
School Customer affected?: | ISV affected?: | ||
Waiting Support: | Yes | Flags outvoted (downgraded) after PO Review: | |
Ticket number: | 2020041521000361 | Bug group (optional): | |
Max CVSS v3 score: | |||
Attachments: | patch (git:fbest/51364-usertemplate-filter-out-inetorgperson) |
IMHO actually the definition of the extended attribute is wrong. Isn't a better workaround to remove "module: settings/usertemplate" and define a correct extended attribute for the user template? Who created the extended attribute, a product package? (In reply to Ingo Steuwer from comment #1) > IMHO actually the definition of the extended attribute is wrong. Isn't a > better workaround to remove "module: settings/usertemplate" and define a > correct extended attribute for the user template? No, all extended attributes for users/user get automatically applies for settings/usertemplate as well. And even if not, this could be desired behavior to add attributes from inetOrgPerson to settings/usertemplate. > Who created the extended attribute, a product package? The customer installed it. (In reply to Florian Best from comment #2) > (In reply to Ingo Steuwer from comment #1) > > IMHO actually the definition of the extended attribute is wrong. Isn't a > > better workaround to remove "module: settings/usertemplate" and define a > > correct extended attribute for the user template? > No, all extended attributes for users/user get automatically applies for > settings/usertemplate as well. > And even if not, this could be desired behavior to add attributes from > inetOrgPerson to settings/usertemplate. OK, I reproduced it. In the cases in the past it wasn't intended to have these attributes for an usertemplate. So yes, this is a bug. merged patch by florian 6acf208dcf8d91d4d1f30f5b1768eb5538adc4ab - univention-directory-manager-modules 36ea1541d4ae829fd8e2500cfb6108b8e97ddd72 41505e3140716d504d04212fdf855e64e74211f9 - yaml Successful build Package: univention-directory-manager-modules Version: 14.0.16-4A~4.4.0.202010061020 Branch: ucs_4.4-0 Scope: errata4.4-6 OK: code change OK: UCS 5 merge request ~OK: YAML (contained typo like "LADP", I made the description more human readable: git:113a750ae95b68a73c94787f199aef6ebeb76490) Added test for ObjectClass filtering. commits: 2d15780a703e7cb5bf9919426a7e01daabe2c24b (test) e0231a68d6bd39755c9392fb59393d61e9aac77d (changelog) Package: ucs-test Version: 9.0.5-14A~4.4.0.202010160913 Branch: ucs_4.4-0 Scope: errata4.4-6 5.0-0 merge request: commit: 52365d3728dc47b7b8ac73016f0c10920b10c2f6 (test + changelog) https://git.knut.univention.de/univention/ucs/-/merge_requests/18 Package: ucs-test Version: 9.0.5-15A~4.4.0.202010161317 Branch: ucs_4.4-0 Scope: errata4.4-6 test revision: commits 4.4-6: 2958b37232d9486e2dbac38ee05c23637766f02f (changelog version bump) b6bacce65a43441368d9e303a35a80e2c383870e (test fix) I corrected the double entry "module" in the extended attribute dictionary the test works with (can be seen in one of the previous comments..). It now uses a list of modules instead of a double entry. 4.4-7: 1aae45ec839fe4481f4d2bbd29a12ef1c483e4c6 (test fix) 5.0-0: 060b039c28fdbb8717a22115c45038a551a446a6 (test fix) |
Created attachment 10372 [details] patch (git:fbest/51364-usertemplate-filter-out-inetorgperson) The creation of a settings/usertemplate fails if there are extended attributes for the object class inetOrgPerson. udm settings/usertemplate create \ --position "cn=templates,cn=univention,$ldap_base" \ --set name="..." → LDAP Error: Object class violation: invalid structural object class chain (univentionUserTemplate/inetOrgPerson) The extended attribute: DN: cn=mail,cn=custom attributes,cn=univention,dc=base CLIName: mail copyable: 0 default: <username>@example.com deleteObjectClass: 0 disableUDMWeb: 0 doNotSearch: 0 fullWidth: 0 groupName: User account groupPosition: 11 hook: MailUsertemplate ldapMapping: mail longDescription: Mail Attribut mayChange: 1 module: users/user module: settings/usertemplate multivalue: 0 name: mail notEditable: 0 objectClass: inetOrgPerson overwritePosition: None overwriteTab: 0 shortDescription: Mail Attribut syntax: String tabAdvanced: 0 tabName: General tabPosition: 11 translationGroupName: de_DE: Benutzerkonto translationLongDescription: de_DE: mail attribut translationShortDescription: de_DE: mail attribut translationTabName: de_DE: Allgemein valueRequired: 0 version: 2 univentionUserTemplate already provides all inetOrgPerson attributes, so we should filter out this object class in the addlist/modlist. Attached patch does this.