Bug 35515 – Setting multiple account deactivation attributes at once yields cryptic LDAP error

Bug 35515 - Setting multiple account deactivation attributes at once yields cryptic LDAP error


Summary:	Setting multiple account deactivation attributes at once yields cryptic LDAP ...

Status:	RESOLVED WORKSFORME

Product:	UCS
Classification:	Unclassified
Component:	UMC - Users
Version:	UCS 4.2
Hardware:	Other Linux

Importance:	P5 normal (vote)
Target Milestone:	UCS 3.2-x
Assigned To:	UMC maintainers
QA Contact:

URL:
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2014-07-29 21:10 CEST by Dirk Wiesenthal
Modified:	2017-08-30 10:45 CEST (History)
CC List:	3 users (show)

See Also:	42015 45287
What kind of report is it?:	Bug Report
What type of bug is this?:	3: Simply Wrong: The implementation doesn't match the docu
Who will be affected by this bug?:	2: Will only affect a few installed domains
How will those affected feel about the bug?:	2: A Pain – users won’t like this once they notice it
User Pain:	0.069
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Dirk Wiesenthal

2014-07-29 21:10:50 CEST

Setting "Account deactivation=all, Locked login methods=all, Account expiry date=value" all at once yields

The LDAP object could not be saved: LDAP Error Constraint violation: attribute 'shadowExpire' cannot have multiple values

Strangely, setting it one after another, it works.

Have not tried every combination.

Comment 1 Florian Best

2016-09-09 15:38:27 CEST

@Daniel: FYI: this was what happened to you.

Comment 2 Daniel Tröder

2016-09-12 08:14:35 CEST

Yes - good find.

I did:

# udm_obj["userexpiry"]="YYYY-MM-DD"
# udm_obj.modify()
# user.disabled="none"
# user.modify()

Where user is a ucsschool-lib mapped UDM object and udm_obj a normal users/user UDM object.

The last modify probably found a difference between its cached udm instance and the one I changed and tried to set both userexpiry (back to '') and whatever "disabled" does.

Comment 3 Florian Best

2017-08-04 14:36:59 CEST

Can't reproduce. Next time please add the command line output and the state of the objects.

# udm users/user modify --dn  uid=muestermann5,cn=schueler,cn=users,ou=oldschool,dc=school,dc=local  --set locked=all --set disabled=all --set userexpiry=2017-08-04
Object modified: uid=muestermann5,cn=schueler,cn=users,ou=oldschool,dc=school,dc=local