Bug 50161 - users/user sets sambaPrimaryGroupSID not in the modlist
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: UMC - Users
UCS 4.4
Other Linux
: P5 normal (vote)
: UCS 4.4-2-errata
Assigned To: Florian Best
Jürn Brodersen
Reported: 2019-09-09 15:59 CEST by Florian Best
Modified: 2019-10-16 14:11 CEST (History)
What kind of report is it?: Development Internal
Enterprise Customer affected?: Yes
best: Patch_Available+


Description Florian Best univentionstaff 2019-09-09 15:59:36 CEST
users/user sets sambaPrimaryGroupSID not in the modlist but in the method __primary_group() which is called by
* _ldap_post_create
* _ldap_post_modify
* open() through _load_groups().

This makes it impossible for hooks to remove the attribute, unless they remove it manually afterwards. But this would cause it to be added again on every open() call of the user object.

I think we should not modify users in the open() call!
I see no necessity to do this in ldap_post_*(), except for easier coding. (But the code has been enhanced over time and now it is probably not so hard to fix it.)
Comment 1 Florian Best univentionstaff 2019-09-09 16:20:21 CEST
Similar logic applies to computers/* objects.
Comment 2 Florian Best univentionstaff 2019-10-01 18:07:34 CEST
This also causes creating user objects to consist of 1 LDAP add followed by 2 LDAP modify calls. Only the first LDAP add call is necessary. Fixing it also saves performance in the S4-connector.
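A toy model of the behaviour described in the description and in comment 2, added here as an illustration and not part of the thread or of the UDM code base. `FakeLDAP`, `User`, `strip_samba_hook`, the sample values and the place where the second modify comes from are all assumptions.

```python
# Toy model (constructed for illustration; not UDM code). All class, function
# and attribute values below are hypothetical.
ATTR = "sambaPrimaryGroupSID"
SID = "S-1-5-21-0-0-0-513"  # constructed sample value

class FakeLDAP:
    """Records every write so the number of LDAP operations can be counted."""
    def __init__(self):
        self.entry, self.ops = {}, []

    def add(self, modlist):
        self.ops.append("add")
        self.entry.update(modlist)

    def modify(self, changes):
        self.ops.append("modify")
        self.entry.update(changes)

def strip_samba_hook(modlist):
    """Site hook that wants the Samba attribute kept out of the entry."""
    return {k: v for k, v in modlist.items() if k != ATTR}

class User:
    def __init__(self, ldap, hook, in_modlist):
        self.ldap, self.hook, self.in_modlist = ldap, hook, in_modlist

    def _modlist(self):
        ml = {"uid": "alice", "gidNumber": "5001"}
        if self.in_modlist:      # fixed design: attribute travels in the modlist
            ml[ATTR] = SID
        return ml

    def create(self):
        self.ldap.add(self.hook(self._modlist()))  # hooks only see the modlist
        if not self.in_modlist:  # old design: written after the hook has run
            self._primary_group()  # stands in for _ldap_post_create
            self.open()            # assumed source of the second modify

    def open(self):
        if not self.in_modlist:
            self._primary_group()  # the object is modified while being opened

    def _primary_group(self):
        self.ldap.modify({ATTR: SID})

def run(in_modlist):
    """Return (LDAP operations issued, whether the attribute ended up set)."""
    ldap = FakeLDAP()
    User(ldap, strip_samba_hook, in_modlist).create()
    return ldap.ops, ATTR in ldap.entry
```

With `run(False)` the hook's decision is overridden and three writes are issued; with `run(True)` the hook is honoured and a single add suffices.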
Comment 3 Florian Best univentionstaff 2019-10-01 18:20:00 CEST
Patch in git:fbest/50161-set-primary-group-in-modlist.
Comment 4 Florian Best univentionstaff 2019-10-10 18:45:33 CEST
Fixed for users/user. I will clone a bug soon for computer objects.

univention-directory-manager-modules (14.0.14-6)
71578a269153 | Bug #50161: set primary group attributes in _ldap_modlist()

univention-directory-manager-modules.yaml
71578a269153 | Bug #50161: set primary group attributes in _ldap_modlist()
Comment 5 Jürn Brodersen univentionstaff 2019-10-15 00:19:03 CEST
What I tested:
System without samba:
- Added user: "sambaPrimaryGroupSID" is set -> OK
- Edit user: "sambaPrimaryGroupSID" is changed -> OK
System with samba:
- Added user: "sambaPrimaryGroupSID" is set -> OK
- Edit user: "sambaPrimaryGroupSID" is changed -> OK

YAML -> OK

-> Verified
Comment 6 Arvid Requate univentionstaff 2019-10-16 14:11:07 CEST
<http://errata.software-univention.de/ucs/4.4/306.html>