Bug 37632 - Setting nestedGroup property of groups/group breaks with CamelCase LDAP base
Status: CLOSED DUPLICATE of bug 43247
Product: UCS
Classification: Unclassified
Component: UDM (Generic)
Version: UCS 4.0
Hardware: Other Linux
Importance: P5 normal
Target Milestone: UCS 4.0-x
Assigned To: Florian Best
QA Contact: Stefan Gohmann
Duplicates: 38088
Reported: 2015-01-27 13:38 CET by Arvid Requate
Modified: 2017-06-19 16:23 CEST

Description Arvid Requate univentionstaff 2015-01-27 13:38:25 CET
The nestedGroup property of groups/group doesn't seem to work properly with a mixed case LDAP base:


root@master55:/usr/share/ucs-test# udm groups/group  create --set name=uwmresrq
Object created: cn=uwmresrq,dc=FooBar,dc=com

root@master55:/usr/share/ucs-test# udm groups/group modify \
  --dn="cn=Domain Admins,cn=groups,dc=FooBar,dc=com" \
  --set description=bar
Object modified: cn=Domain Admins,cn=groups,dc=FooBar,dc=com

root@master55:/usr/share/ucs-test# udm groups/group modify \
  --dn="cn=Domain Admins,cn=groups,dc=FooBar,dc=com" \
  --set nestedGroup="cn=uwmresrq,cn=groups,dc=FooBar,dc=com"
E: object not found


Discovered via Bug 37595, test case 10_ldap/55slapd-crash-1270
Comment 1 Arvid Requate univentionstaff 2015-01-27 13:42:10 CET
Error in example above, here we go again:

root@master55:/usr/share/ucs-test# udm groups/group  create \
  --position cn=groups,dc=FooBar,dc=com --set name=subgroup1
Object created: cn=subgroup1,cn=groups,dc=FooBar,dc=com

root@master55:/usr/share/ucs-test# udm-test groups/group modify \
  --dn="cn=subgroup1,cn=groups,dc=FooBar,dc=com" \
  --set description=bar
Object modified: cn=subgroup1,cn=groups,dc=FooBar,dc=com

root@master55:/usr/share/ucs-test# udm groups/group modify \
  --dn="cn=Domain Admins,cn=groups,dc=FooBar,dc=com" \
  --set nestedGroup="cn=subgroup1,cn=groups,dc=FooBar,dc=com"
E: object not found
Comment 2 Arvid Requate univentionstaff 2015-01-27 14:11:20 CET
Also found via ucs-test cases
* 62_udm-groups/05_group_modification_append_nestedGroups
* 62_udm-groups/06_group_creation_set_single_letter_name_nestedGroup
* 62_udm-groups/08_rename_a_group_which_contains_a_nestedGroup
* 62_udm-groups/09_rename_a_nestedGroup
* 62_udm-groups/18_group_modification_recursion_set_nestedGroup_to_group_containing_self
* 62_udm-groups/23_group_modify_grouptype
Comment 3 Daniel Tröder univentionstaff 2015-12-01 11:53:20 CET
*** Bug 38088 has been marked as a duplicate of this bug. ***
Comment 4 Daniel Tröder univentionstaff 2015-12-01 11:58:02 CET
This leads to 96univention-samba4slavepdc.inst breaking, because of

E: object not found: DN not found: cn=domain guests,cn=groups,dc=uni,dc=dtr.

When trying to create cn=Guests,cn=Builtin,$ldap_base with --append nestedGroup="cn=Domain Guests,cn=groups,$ldap_base".

This renders a complete domain almost unusable, because no further join succeeds.
Comment 5 Arvid Requate univentionstaff 2015-12-01 15:07:37 CET
Sidenote: core.schema defines the matching rule 'caseIgnoreIA5Match' for 'dc'.
In general DNs are not case insensitive but follow the individual matching rules of the RDN parts. But there are few attributes with exact* matching rules. Unfortunately only the OpenLDAP server code currently implements DN (and attribute) matching properly, so the "proper" solution would be to ask the LDAP-Server (and possibly cache the results per session).
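
The point made in comment 5, as an added example (not UDM or OpenLDAP code): compare DNs RDN by RDN and fold case only for attributes whose equality rule ignores case. The rule table, the function names and the `x-exactid` attribute are assumptions made for illustration; escaped values are compared in their escaped form.

```python
# Added example: per-RDN DN comparison. Simplified; not UDM or OpenLDAP code.

# Assumed rule table. 'dc' uses caseIgnoreIA5Match (core.schema, per the comment
# above); 'cn' and 'ou' use caseIgnoreMatch in the standard schema (RFC 4519).
# Any attribute not listed is compared exactly, the conservative default.
CASE_IGNORE = {"dc", "cn", "ou"}


def split_unescaped(text, sep):
    """Split on sep, leaving backslash-escaped characters (RFC 4514) in place."""
    parts, cur, i = [], [], 0
    while i < len(text):
        if text[i] == "\\" and i + 1 < len(text):
            cur.append(text[i:i + 2])
            i += 2
        elif text[i] == sep:
            parts.append("".join(cur))
            cur = []
            i += 1
        else:
            cur.append(text[i])
            i += 1
    parts.append("".join(cur))
    return parts


def normalize_dn(dn):
    """Return a comparable form: a tuple of RDNs, each a sorted tuple of (type, value)."""
    rdns = []
    for rdn in split_unescaped(dn, ","):
        avas = []
        for ava in split_unescaped(rdn, "+"):      # multi-valued RDN
            attr, _, value = ava.partition("=")
            attr = attr.strip().lower()            # type names are case-insensitive
            value = value.strip()
            if attr in CASE_IGNORE:
                value = " ".join(value.lower().split())  # fold case, collapse spaces
            avas.append((attr, value))
        rdns.append(tuple(sorted(avas)))
    return tuple(rdns)


def same_dn(a, b):
    return normalize_dn(a) == normalize_dn(b)


if __name__ == "__main__":
    stored = "cn=subgroup1,cn=groups,dc=FooBar,dc=com"   # DN from the report
    lowered = stored.lower()                             # constructed variant
    print(stored == lowered, same_dn(stored, lowered))   # naive vs. rule-aware
    # 'x-exactid' is a hypothetical attribute with an exact matching rule
    print(same_dn("x-exactid=AbC,dc=FooBar,dc=com", "x-exactid=abc,dc=FooBar,dc=com"))
```

Lowercasing the whole DN before comparing would make the last pair match as well, which is why the fold is applied per attribute type rather than to the string.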
Comment 6 Florian Best univentionstaff 2017-01-04 13:02:41 CET
Fixed via Bug #43247. I reenabled the test cases.

ucs-test (6.0.37-31):
r75571 | Bug #37632: Bug #38088: reactivate test cases

*** This bug has been marked as a duplicate of bug 43247 ***
Comment 7 Florian Best univentionstaff 2017-01-04 13:10:51 CET
r75572 | Bug #37632: Bug #38088: reactivate test cases
Comment 8 Florian Best univentionstaff 2017-01-04 13:15:36 CET
UCS 4.2 merge:

ucs-test (7.0.6-38):
r75574 | Bug #37632: Bug #38088: reactivate test cases
r75573 | Bug #37632: Bug #38088: reactivate test cases
Comment 9 Stefan Gohmann univentionstaff 2017-01-04 16:32:46 CET
OK
Comment 10 Florian Best univentionstaff 2017-06-19 16:23:19 CEST
<http://errata.software-univention.de/ucs/4.1/367.html>