Univention Bugzilla – Full Text Bug Listing |
Summary: | Join fails if objectClass or attributeType in LDAP schema >2000bytes | ||
---|---|---|---|
Product: | UCS | Reporter: | Lukas Zumvorde <zumvorde> |
Component: | LDAP | Assignee: | UCS maintainers <ucs-maintainers> |
Status: | NEW --- | QA Contact: | UCS maintainers <ucs-maintainers> |
Severity: | normal | ||
Priority: | P5 | CC: | best, hahn, turfeld |
Version: | UCS 5.2 | ||
Target Milestone: | --- | ||
Hardware: | Other | ||
OS: | Linux | ||
See Also: | https://forge.univention.org/bugzilla/show_bug.cgi?id=46743 | ||
What kind of report is it?: | Bug Report | What type of bug is this?: | 5: Major Usability: Impairs usability in key scenarios |
Who will be affected by this bug?: | 2: Will only affect a few installed domains | How will those affected feel about the bug?: | 5: Blocking further progress on the daily work |
User Pain: | 0.286 | Enterprise Customer affected?: | Yes |
School Customer affected?: | Yes | ISV affected?: | |
Waiting Support: | Flags outvoted (downgraded) after PO Review: | ||
Ticket number: | Bug group (optional): | ||
Max CVSS v3 score: | |||
Attachments: | patch |
Description
Lukas Zumvorde
2023-07-03 11:25:02 CEST
To replicate the issue you need to define an objectclass or attributetype of sufficient length (>2000 chars) on the master/primary. For example this abomination objectclass ( 1.3.6.1.4.1.10176.99999.9838.0.0 NAME 'myTestObjectclass' DESC 'my test object class' SUP top AUXILIARY MUST uid MAY ( univentionWindowsReinstall & univentionServerReinstall & univentionService & univentionServerInstallationProfile & univentionServerInstallationText & univentionServerInstallationOption & univentionServerInstallationPath & univentionNetworkLink & univentionInventoryNumber & univentionOperatingSystem & univentionOperatingSystemVersion & univentionHost & univentionClient & univentionMacOSClient & univentionMobileClient & univentionThinClient & univentionWindows & univentionMemberServer & univentionDomainController & univentionUbuntuClient & univentionLinuxClient & univentionDomain & univentionBase & prohibitedUsername & printerModel & univentionPackageDefinition & printerURI & univentionSambaPasswordHistory & univentionSambaMinPasswordLength & univentionSambaMinPasswordAge & univentionSambaBadLockoutAttempts & univentionSambaLogonToChangePW & univentionSambaMaxPasswordAge & univentionSambaLockoutDuration & univentionSambaResetCountMinutes & univentionSambaDisconnectTime & univentionSambaRefuseMachinePWChange & univentionConsoleOperation & univentionConsoleACLCategory & univentionConsoleACLHost & univentionConsoleACLBase & univentionConsoleACLCommand & univentionSambaPrivilegeList & sambaLMPassword & sambaNTPassword & sambaAcctFlags & sambaPwdLastSet & sambaPwdCanChange & sambaPwdMustChange & sambaLogonTime & sambaLogoffTime & sambaKickoffTime & sambaBadPasswordCount & sambaBadPasswordTime & sambaLogonHours & sambaHomeDrive & sambaLogonScript & sambaProfilePath & sambaUserWorkstations & sambaHomePath & sambaDomainName & sambaMungedDial & sambaPasswordHistory & sambaSID & sambaPrimaryGroupSID & sambaSIDList & sambaGroupType & sambaNextUserRid & sambaNextGroupRid & sambaNextRid & sambaAlgorithmicRidBase & sambaShareName & sambaOptionName & sambaBoolOption & sambaIntegerOption & sambaStringOption & sambaStringListOption & sambaTrustFlags & sambaMinPwdLength & sambaPwdHistoryLength & sambaLogonToChgPwd & sambaMaxPwdAge & sambaMinPwdAge & sambaLockoutDuration & sambaLockoutObservationWindow & sambaLockoutThreshold & sambaForceLogoff & sambaRefuseMachinePwdChange & sambaClearTextPassword & sambaPreviousClearTextPassword & univentionSamba4SID & univentionSamba4pwdProperties ) ) On a slave/replica or backup run univention-join to initiate the join process. We already did the same in management/univention-directory-replication/replication.py in Bug #46743 git:a91dc1ee1ea770b8906d7e0b1ad39241115acced. That currently uses the following code: def _insert_linebereak(obj: str) -> str: ¦ # Bug 46743: Ensure lines are not longer than 2000 characters or slapd fails to start ¦ max_length = 2000 ¦ obj_lines = [] ¦ while len(obj) > max_length: ¦ ¦ linebreak_postion = obj.rindex(' ', 0, max_length) ¦ ¦ obj_lines.append(obj[:linebreak_postion]) ¦ ¦ obj = obj[linebreak_postion + 1:] ¦ obj_lines.append(obj) ¦ return '\n '.join(obj_lines) → we should use the same implementation for both! Please see <https://git.knut.univention.de/univention/ucs/-/merge_requests/796> for what is scheduled for 5.2-0, especially <https://git.knut.univention.de/univention/ucs/-/merge_requests/796/diffs?commit_id=1111fbd6cec7cef56de6d79e4557ea88b79342cc> |