Merge pull request #3002 from CactuseSecurity/develop

v8.7.1 Hotfix release

Author: tpurschke

documentation/revision-history-develop.md

@@ -257,3 +257,6 @@ bugfix release:
 
 # 8.6.3 - 20.02.2025 DEVELOP
 - dns lookup for app server names
+
+# 8.7.1 - 05.03.2025 DEVELOP
+- ldap writepath for groups

documentation/revision-history-main.md

@@ -492,3 +492,8 @@ Hotfix for network modelling:
   - adding option to name all application servers by reverse DNS and fall-back to prefix + ip 
 - API: upgrade Hasura to 2.45.2
 - Workflow: some performance improvements
+
+# 8.7.1 07.03.2025 MAIN
+- fix modelling select existing interfac
+- fix modelling settings ldap selection
+- fix workflow ticket close spinner

inventory/group_vars/all.yml

@@ -1,5 +1,5 @@
 ### general settings
-product_version: "8.7"
+product_version: "8.7.1"
 ansible_user: "{{ lookup('env', 'USER') }}"
 ansible_become_method: sudo
 ansible_python_interpreter: /usr/bin/python3

roles/api/files/replace_metadata.json

@@ -7206,6 +7206,7 @@
                       "ldap_type",
                       "ldap_write_user",
                       "ldap_write_user_pwd",
+                      "ldap_writepath_for_groups",
                       "tenant_id"
                     ]
                   }
@@ -7243,6 +7244,7 @@
                       "ldap_type",
                       "ldap_write_user",
                       "ldap_write_user_pwd",
+                      "ldap_writepath_for_groups",
                       "tenant_id"
                     ],
                     "filter": {}
@@ -7293,6 +7295,7 @@
                       "ldap_type",
                       "ldap_write_user",
                       "ldap_write_user_pwd",
+                      "ldap_writepath_for_groups",
                       "tenant_id"
                     ],
                     "filter": {}
@@ -7395,6 +7398,7 @@
                       "ldap_type",
                       "ldap_write_user",
                       "ldap_write_user_pwd",
+                      "ldap_writepath_for_groups",
                       "tenant_id"
                     ],
                     "filter": {},

roles/database/files/sql/creation/fworch-create-tables.sql

@@ -1012,6 +1012,7 @@ Create table "ldap_connection"
 	"tenant_id" Integer,
 	"ldap_write_user_pwd" Varchar,
 	"ldap_searchpath_for_groups" Varchar,
+	"ldap_writepath_for_groups" Varchar,
 	"ldap_type" Integer NOT NULL Default 0,
 	"ldap_pattern_length" Integer NOT NULL Default 0,
 	"ldap_name" Varchar,

roles/database/files/sql/creation/fworch-fill-stm.sql

@@ -124,6 +124,9 @@ insert into config (config_key, config_value, config_user) VALUES ('welcomeMessa
 insert into config (config_key, config_value, config_user) VALUES ('dnsLookup', 'False', 0);
 insert into config (config_key, config_value, config_user) VALUES ('overwriteExistingNames', 'False', 0);
 insert into config (config_key, config_value, config_user) VALUES ('autoReplaceAppServer', 'False', 0);
+insert into config (config_key, config_value, config_user) VALUES ('ownerLdapId', '1', 0);
+insert into config (config_key, config_value, config_user) VALUES ('ownerLdapGroupNames', 'ModellerGroup_@@ExternalAppId@@', 0);
+insert into config (config_key, config_value, config_user) VALUES ('manageOwnerLdapGroups', 'true', 0);
 
 INSERT INTO "report_format" ("report_format_name") VALUES ('json');
 INSERT INTO "report_format" ("report_format_name") VALUES ('pdf');

roles/database/files/sql/idempotent/fworch-encryption.sql

@@ -136,6 +136,7 @@ CREATE OR REPLACE FUNCTION insertLocalLdapWithEncryptedPasswords(
     userSearchPath TEXT,
     roleSearchPath TEXT, 
     groupSearchPath TEXT,
+    groupWritePath TEXT,
     tenantLevel INTEGER,
     searchUser TEXT,
     searchUserPwd TEXT,
@@ -154,9 +155,9 @@ BEGIN
         SELECT INTO t_encryptedReadPwd * FROM encryptText(searchUserPwd, t_key);
         SELECT INTO t_encryptedWritePwd * FROM encryptText(writeUserPwd, t_key);
         INSERT INTO ldap_connection
-            (ldap_server, ldap_port, ldap_searchpath_for_users, ldap_searchpath_for_roles, ldap_searchpath_for_groups,
+            (ldap_server, ldap_port, ldap_searchpath_for_users, ldap_searchpath_for_roles, ldap_searchpath_for_groups, ldap_writepath_for_groups,
             ldap_tenant_level, ldap_search_user, ldap_search_user_pwd, ldap_write_user, ldap_write_user_pwd, ldap_type)
-            VALUES (serverName, port, userSearchPath, roleSearchPath, groupSearchPath, tenantLevel, searchUser, t_encryptedReadPwd, writeUser, t_encryptedWritePwd, ldapType);
+            VALUES (serverName, port, userSearchPath, roleSearchPath, groupSearchPath, groupWritePath, tenantLevel, searchUser, t_encryptedReadPwd, writeUser, t_encryptedWritePwd, ldapType);
     END IF;
 END;
 $$ LANGUAGE plpgsql;

roles/database/files/sql/idempotent/fworch-texts.sql

@@ -1501,6 +1501,8 @@ INSERT INTO txt VALUES ('regular_connections', 	'German',	'Standard-Verbindungen
 INSERT INTO txt VALUES ('regular_connections', 	'English',	'Regular Connections');
 INSERT INTO txt VALUES ('show_all',             'German', 	'Alle darstellen');
 INSERT INTO txt VALUES ('show_all',             'English', 	'Show all');
+INSERT INTO txt VALUES ('fetch_limit',          'German', 	'Limit');
+INSERT INTO txt VALUES ('fetch_limit',          'English', 	'limit');
 INSERT INTO txt VALUES ('as_source',            'German', 	'Als Quelle');
 INSERT INTO txt VALUES ('as_source',            'English', 	'As Source');
 INSERT INTO txt VALUES ('send_email',           'German', 	'Email senden');
@@ -1911,6 +1913,8 @@ INSERT INTO txt VALUES ('role_search_path',     'German', 	'Suchpfad Rollen');
 INSERT INTO txt VALUES ('role_search_path',     'English', 	'Role Search Path');
 INSERT INTO txt VALUES ('group_search_path',    'German', 	'Suchpfad Gruppen');
 INSERT INTO txt VALUES ('group_search_path',    'English', 	'Group Search Path');
+INSERT INTO txt VALUES ('group_write_path',     'German', 	'Schreibpfad Gruppen');
+INSERT INTO txt VALUES ('group_write_path',     'English', 	'Group Write Path');
 INSERT INTO txt VALUES ('search_user',          'German', 	'Nutzer für Suche');
 INSERT INTO txt VALUES ('search_user',          'English', 	'Search User');
 INSERT INTO txt VALUES ('search_user_pwd',      'German', 	'Passwort Nutzer für Suche');
@@ -4482,6 +4486,8 @@ INSERT INTO txt VALUES ('H5225', 'English', 'Global Tenant Name: If the Ldap is
 ');
 INSERT INTO txt VALUES ('H5226', 'German',  'Aktiv: Wenn das Ldap nicht auf aktiv gesetzt ist, wird es für andere Aktionen (Autorisierungen, Rollenzuweisung etc.) nicht berücksichtigt.');
 INSERT INTO txt VALUES ('H5226', 'English', 'Active: If not set to active, the Ldap is not involved in other actions (authorization, role assignment etc.).');
+INSERT INTO txt VALUES ('H5227', 'German',  'Schreibpfad Gruppen: Der Distinguished name (Dn) des Wurzelverzeichnisses des Gruppensbaums. Dieser Parameter kann vom Suchpfad abweichen (was er im internen Ldap nicht tut).');
+INSERT INTO txt VALUES ('H5227', 'English', 'Group Write Path: The distinguished name (Dn) of the root of the group writ tree. This parameter may differ from the search path (in the internal Ldap it does not).');
 INSERT INTO txt VALUES ('H5231', 'German',  'Die verf&uuml;gbaren Mandanten werden hier mit den zugeordneten Gateways dargestellt.<br>
     Es ist m&ouml;glich, Mandanten im lokalen Ldap sowie Verkn&uuml;pfungen zu den vorhandenen <a href="/help/settings/gateways">Gateways</a> anzulegen oder zu l&ouml;schen.
     Wenn Beispieldaten (definiert durch die Endung "_demo" vom Mandantennamen) existieren, wird eine Schaltfl&auml;che angezeigt, um diese zu l&ouml;schen.

roles/database/files/upgrade/8.6.3.sql

@@ -12,6 +12,7 @@ CREATE TABLE IF NOT EXISTS refresh_log (
     status TEXT
 );
 
+DROP FUNCTION IF EXISTS refresh_view_rule_with_owner();
 CREATE OR REPLACE FUNCTION refresh_view_rule_with_owner()
 RETURNS SETOF refresh_log AS $$
 DECLARE