Bug 44560 - ID mapping range for "*" is not configurable
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Samba
Version: UCS 4.1
Hardware: Other Linux
Importance: P5 normal
Target Milestone: UCS 4.1-4-errata
Assigned To: Felix Botner
QA Contact: Arvid Requate
Depends on: 44549
Blocks:
Reported: 2017-05-09 11:34 CEST by Felix Botner
Modified: 2017-05-24 11:10 CEST (History)

See Also:
What kind of report is it?: Bug Report
What type of bug is this?: 5: Major Usability: Impairs usability in key scenarios
Who will be affected by this bug?: 1: Will affect a very few installed domains
How will those affected feel about the bug?: 5: Blocking further progress on the daily work
User Pain: 0.143
Enterprise Customer affected?: Yes
School Customer affected?: Yes
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number: 2017050521000171
Bug group (optional):
Max CVSS v3 score:


Description Felix Botner univentionstaff 2017-05-09 11:34:36 CEST
+++ This bug was initially created as a clone of Bug #44549 +++

The ID mapping range for "*" is not configurable, while the range for the domain ID mapping is. Both should not overlap, but if you set the domain mapping range via: 

# ucr set samba/idmap/<domain>/range='1000-549999'

this happens at once since you _cannot_ also set this:

# ucr set 'samba/idmap/*/range'='550000-640000'

(you would have to change the following snippet from the template):

print '\tidmap config * : backend\t= ldap'
--> print '\tidmap config * : range\t\t= 55000-64000'
print '\tidmap config * : ldap_url\t= ldap://%s' % ' ldap://'.join(ldapserver)
print '\tidmap config * : ldap_user_dn\t= %s' % (admindn)
## print '\tidmap config * : ldap_base_dn\t= cn=idmap,cn=univention,%s' % (ldap_base)

# replacement for deprecated samba/winbind/trusted/domains/only=yes
if configRegistry.get('windows/domain'):
        mydomain=configRegistry['windows/domain'].upper()
        defaultrange = '1000-54999'
        # try uppercase domain, then allow for lowercase, otherwise use defaultrange
        range = configRegistry.get('samba/idmap/%s/range' % mydomain, configRegistry.get('samba/idmap/%s/range' % mydomain.lower(), defaultrange))
        print '\tidmap config %s : backend = nss' % (mydomain, )
        print '\tidmap config %s : range = %s' % (mydomain, range)
        ### </idmap config v6 for Samba 3.6.0>

---------------------------------------------------------------------------------

The template should look like this:

--> default_range = configRegistry.get('samba/idmap/*/range', '55000-64000')
print '\tidmap config * : backend\t= ldap'
--> print '\tidmap config * : range\t\t= %s' % default_range
print '\tidmap config * : ldap_url\t= ldap://%s' % ' ldap://'.join(ldapserver)
print '\tidmap config * : ldap_user_dn\t= %s' % (admindn)
## print '\tidmap config * : ldap_base_dn\t= cn=idmap,cn=univention,%s' % (ldap_base)
Comment 1 Felix Botner univentionstaff 2017-05-09 12:01:18 CEST
added samba/idmap/range (samba/idmap/*/range is not allowed by ucslint :-( )

univention-samba: r79230 79231
staging/univention-samba.yaml
Comment 2 Arvid Requate univentionstaff 2017-05-22 21:05:00 CEST
Ok, works:

ucr set samba/idmap/$(ucr get windows/domain)/range=1000-549999 \
        samba/idmap/range=550000-640000

I've added a note to the advisory explaining the purpose of this new variable.
Comment 3 Janek Walkenhorst univentionstaff 2017-05-24 11:10:26 CEST
<http://errata.software-univention.de/ucs/4.1/422.html>
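
Added example (not part of the bug report and not univention-samba code): a Python 3 check that reads the "idmap config <domain> : range" lines of a rendered smb.conf and reports ranges that overlap, which is the condition the description says must not occur. The domain name EXAMPLE and both sample configurations are constructed; the range values are the ones quoted in the report.

```python
import re
from itertools import combinations

# Matches smb.conf lines such as "idmap config * : range = 55000-64000"
RANGE_RE = re.compile(
    r"^\s*idmap\s+config\s+(?P<dom>\S+)\s*:\s*range\s*=\s*(?P<lo>\d+)\s*-\s*(?P<hi>\d+)\s*$",
    re.IGNORECASE,
)

def parse_idmap_ranges(smb_conf_text):
    """Return {domain: (low, high)} for every 'idmap config <domain> : range' line."""
    ranges = {}
    for line in smb_conf_text.splitlines():
        if line.lstrip().startswith(("#", ";")):  # skip commented-out settings
            continue
        m = RANGE_RE.match(line)
        if not m:
            continue
        lo, hi = int(m.group("lo")), int(m.group("hi"))
        if lo > hi:
            raise ValueError("inverted idmap range for %s: %d-%d" % (m.group("dom"), lo, hi))
        ranges[m.group("dom")] = (lo, hi)
    return ranges

def find_overlaps(ranges):
    """Return (domain_a, domain_b) pairs whose inclusive ID ranges intersect."""
    overlaps = []
    for (a, (alo, ahi)), (b, (blo, bhi)) in combinations(sorted(ranges.items()), 2):
        if alo <= bhi and blo <= ahi:
            overlaps.append((a, b))
    return overlaps

# Constructed samples. BEFORE: domain range raised, "*" range still the template value.
BEFORE = """
[global]
\tidmap config * : backend\t= ldap
\tidmap config * : range\t\t= 55000-64000
\tidmap config EXAMPLE : backend = nss
\tidmap config EXAMPLE : range = 1000-549999
"""
# AFTER: "*" range moved above the domain range, as in comment 2.
AFTER = BEFORE.replace("55000-64000", "550000-640000")

if __name__ == "__main__":
    for label, conf in (("before", BEFORE), ("after", AFTER)):
        print(label, find_overlaps(parse_idmap_ranges(conf)))
```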