Univention Bugzilla – Bug 52656
patch consistency script
Last modified: 2021-06-09 15:30:45 CEST
+++ This bug was initially created as a clone of Bug #52147 +++ Create a CLI script that verifies the consistency of all UCS@school LDAP objects. The CLI should be extensible, so that in a first iteration only user objects are checked. (See https://help.univention.com/t/how-a-ucs-school-user-should-look-like/15630 for rules for a user object.) Clone bugs from this one for further objects to check (school classes, workgroups, shares, OUs). The functions should be implemented in a shared Python module, so that they can be reused by other software. Maybe they should even become part of the ucsschool.lib.models that they check. In a separate bug, create a system diagnose module, that calls the functions of this script. The script should offer the possibility to verify the consistency of a single UCS@school LDAP object, passed by DN. -------------------------------------------------------------------- The consistency script does not yet check if a school dc is member of group cn=OU$SCHOOL-DC-Edukativnetz,cn=ucsschool,cn=groups,$ldap_base.
I added a patch for the consistency script on branch troehmey/bug52656_patch_consistency_script with commits: e8a0eccf6 Bug #52656: handle exception if user ou does not exist d13c9a667 Bug #52656: added func for testing server group memberships It issues the problem mentioned in the bug description. Also there was a KeyError exception when user_obj.schools contained schools which don't exist anymore. This patch fixes that problem.
I applied an additional small fix: [troehmey/bug52656_patch_consistency_script] 0236eafe1 Bug #52656: check workgroup shares * There is now a check that workgroup shares have a corresponding workgroup in the domain. * The check if the marktplatz share exists now depends on the UCRV ucsschool/import/generate/marktplatz
Another fix: 2d3e56fcf Bug #52656: check if student is member of school class * Before, students were not explicitly checked if they're member of a school class
Another patch: 691343bd7 Bug #52656: fix admin container name; use groupprefix ucrv The admin container was wrong all the time. It should be like this: "cn={0}{1},cn=ouadmins,cn=groups,{2}".format(admins_prefix, ou.lower(), ldap_base) For the group names, now the UCRVs under ucsschool/ldap/default/groupprefix/ are used instead of ucsschool/ldap/default/container/
I added a ucs-school-lib model "consistency" which contains all methods from the consistency script. The consistency script imports these methods. A new diagnostic module 911_ucsschool_consistency.py executes all checks from the consistency model. All previous commits have been squashed:+ commit 7708db423c7234bc58e23b343133a76c12e285b5 (HEAD -> troehmey/bug52656_patch_consistency_script, origin/troehmey/bug52656_patch_consistency_script) Author: Toni Röhmeyer <roehmeyer@univention.de> Date: Sat Feb 20 10:35:15 2021 +0100 Bug #52656: add diagnostic module which performs the consistency check commit 80960abbf51cc2816395d5991b2fdff5f5a1d6b5 Author: Toni Röhmeyer <roehmeyer@univention.de> Date: Sat Feb 20 10:29:50 2021 +0100 Bug #52656: add consistency model to school lib commit 97924161427bede68293214419ae357890dca312 Author: Toni Röhmeyer <roehmeyer@univention.de> Date: Sun Jan 31 16:41:48 2021 +0100 Bug #52656: added func for testing server group memberships Bug #52656: handle exception if user ou does not exist Bug #52656: check workgroup shares Bug #52656: check if student is member of school class Bug #52656: fix admin container name; use groupprefix ucrv
OK: code changes I merged and build it in 4.4, advisories.
Errata updates for UCS@school 4.4 v9 have been released. https://docs.software-univention.de/changelog-ucsschool-4.4v9-de.html If this error occurs again, please clone this bug.