Univention Bugzilla – Bug 42112
ucsschool-import: import script updates account expire date every time
Last modified: 2016-12-12 13:10:21 CET
+++ This bug was initially created as a clone of Bug #41344 +++ * store an expiration data (that is in the future) for the user, so it can access its data for some days, before deletion -------- If self.config["user_deletion"]["expiration"] is set, the account expiration date is calculated as datetime.datetime.now() + datetime.timedelta(days=self.config["user_deletion"]["expiration"]) and set in the users account - every time the script runs. That effectively pushes the expiration date forward. In case the account already has an expiration date, we won't touch it. We could calculate the "nearest" date, but as we don't know what the admins intentions are, we'll simply won't change it. Replace in lines ucsschool/importer/mass_import/user_import.py:336 and ucsschool/importer/mass_import/user_import.py:346 user.expire() with if not user.has_expiry(): user.expire()
r74568: if a user already has an expiration date set, it is not changed anymore This also allows the administrator to change expiration dates in UCS, without the import overwriting it. Package has not been built yet, because the build system is currently down.
A test was not written, as I cannot think of a safe way to do a 2nd import and test if the expiration date is untouched - on another day - without screwing with the system clock.
Please give me a snipped how I can test this. I don't know how to delete a user using the importer and at the same time set attributes (disabled/expired) for him.
See 90_ucsschool/216_import-users_delete_variants: person = Person(self.ou_A.name, role) config.update_entry("user_deletion:delete", True) # or False config.update_entry("user_deletion:expiration", exp_days) create_csv_file(person_list=[person], mapping=config['csv']['mapping']) run_import(['-c', fn_config]) # imports a list of users → creates: person_list=[person] create_csv_file(person_list=[], mapping=config['csv']['mapping']) run_import(['-c', fn_config]) # imports a list with users missing -> deletes: person_list=[] # but with user_deletion:delete=<bool> user_deletion:expiration=<DAYS> it deactivates or just expires them instead
Seems not to work: # cat foo.csv "school","role","firstname","lastname","class","description","telephone" "oldschool","student","Verita","Studberg","oldschool-1,oldschool-a","A student.","+49-194-123802" "oldschool","student","Veritas","Stuetzer","oldschool-1,oldschool-b","A student.","+63-357-360032" # /usr/share/ucs-school-import/scripts/ucs-school-user-import -i foo.csv --set user_deletion:delete=True --set user_deletion:expiration=5 --sourceUID foo -u student -s oldschool # modify expiration date of user via UMC to 1.12 # univention-ldapsearch -LLLb uid=v.studberg,cn=schueler,cn=users,ou=oldschool,dc=school,dc=local | ldapsearch-wrapper | grep -v krb5Key > 1.ldif # change foo.csv into: # cat foo.csv "school","role","firstname","lastname","class","description","telephone" "oldschool","student","Veritas","Stuetzer","oldschool-1,oldschool-b","A student.","+63-357-360032" # /usr/share/ucs-school-import/scripts/ucs-school-user-import -i foo.csv --set user_deletion:delete=True --set user_deletion:expiration=5 --sourceUID foo -u student -s oldschool # univention-ldapsearch -LLLb uid=v.studberg,cn=schueler,cn=users,ou=oldschool,dc=school,dc=local | ldapsearch-wrapper | grep -v krb5Key > 2.ldif # ldiff 1.ldif 2.ldif dn: uid=v.studberg,cn=schueler,cn=users,ou=oldschool,dc=school,dc=local +shadowExpire: 17141 -shadowExpire: 17136 +sambaKickoffTime: 1480978800 -sambaKickoffTime: 1480546800 +krb5ValidEnd: 20161206000000Z -krb5ValidEnd: 20161201000000Z The configuration is: {u'activate_new_users': {u'default': True}, u'classes': {}, u'csv': {u'header_lines': 1, u'incell-delimiter': {u'default': u','}, u'mapping': {u'firstname': u'firstname', u'lastname': u'lastname', u'school': u'school', u'username': u'username'}}, u'dry_run': False, u'factory': u'ucsschool.importer.default_user_import_factory.DefaultUserImportFactory', u'input': {u'filename': 'foo.csv', u'type': u'csv'}, u'logfile': u'/var/log/univention/ucs-school-import.log', u'maildomain': None, u'mandatory_attributes': [u'firstname', u'lastname', u'name', u'school'], u'no_delete': False, u'output': {u'new_user_passwords': None, u'user_import_summary': u'/var/lib/ucs-school-import/user_import_summary_%Y-%m-%d_%H:%M:%S.csv'}, u'password_length': 15, u'scheme': {u'email': u'<firstname>[0].<lastname>@<maildomain>', u'recordUID': u'<:umlauts><firstname>[0].<lastname><:lower>', u'username': {u'allow_rename': False, u'default': u'<:umlauts><firstname>[0].<lastname><:lower>'}}, u'school': 'oldschool', u'sourceUID': 'foo', u'tolerate_errors': 0, u'user_deletion': {u'delete': True, u'expiration': 5}, u'user_role': 'student', u'verbose': True}
Something's wrong with that test. Maybe the UMC did something because the expiration date was "today"? Please try like this: ### 1st import -> creates users w/o expiration date # udm users/user list --filter uid=v.studberg > v.studberg_1 ### 2nd import -> user has an expiration date now # udm users/user list --filter uid=v.studberg > v.studberg_2 # diff v.studberg_1 v.studberg_2 41c41 < userexpiry: None --- > userexpiry: 2016-12-07 ### change date # /etc/init.d/ntp stop # date -s 2016-12-04 ### 3rd import -> users expiration date did not change # diff v.studberg_2 v.studberg_3
The package yesterday was not build: Vorbereitung zum Ersetzen von ucs-school-import 14.0.16-37.329.201611161513 (durch .../ucs-school-import_14.0.16-39.330.201612021010_all.deb)
OK: with the new package and above snipped it works OK: YAML (adjusted in r74930)
UCS@school 4.1 R2 v9 has been released. http://docs.software-univention.de/changelog-ucsschool-4.1R2v9-de.html