Univention Bugzilla – Bug 32041
provide printers via gpo doesn't work when gpo is created at dc master central location
Last modified: 2016-01-19 15:54:23 CET
Please see ticket #2013071721001785 for more detail: You have the possibility to provide printers per user via GPO. This is working when the GPOs are created at school locations, but does not fully work when they are created at the master location. The master itself uses Samba 4 within its school environment and is intended to be used for central GPO management.
Most likely the same problem with UCS@school in version 4.0.4. See ticket #2015112521000455
*** Bug 33790 has been marked as a duplicate of this bug. ***
ucs-school-ldap-acls-master: changed 65ucsschool LDAP ACLs. Slaves are allowed to write objectClass=msPrintConnectionPolicy objects in the "cn=policies,cn=system,@%@ldap/base@%@" subtree.

ucs-school-metapackage: Set connector/s4/mapping/msprintconnectionpolicy?yes as default for all roles.

I did NOT update the ucs@school app yet.
Dependency: Univention Corporate Server 4.1 erratum 39 (https://forge.univention.org/bugzilla/show_bug.cgi?id=40298)

Changelog:

ucs-school-ldap-acls-master: The LDAP ACLs have been modified to allow school slaves to update printConnectionPolicy objects (to provide printers via Group Policies).

ucs-school-metapackage: The synchronization of printConnectionPolicy objects (to provide printers via Group Policies) has been enabled for all server roles. The synchronization can be disabled by setting the UCR variable connector/s4/mapping/msprintconnectionpolicy to false.
As discussed with Felix: UCS@school supports the possibility to convert a single master environment into a multi server environment. This is why 62ucs-school-singlemaster.inst should also sync the msPrintConnectionPolicy objects → REOPEN
Added update code to ucs-school-master.postinst, ucs-school-nonedu-slave.postinst, ucs-school-singlemaster.postinst and ucs-school-slave.postinst to resync msPrintConnectionPolicy objects from s4 (master, slave) and openldap (slave).
univention-upgrade with update/secure_apt=no and the buildsystem repo in /etc/apt/sources.list gave this:

Holen: 6 http://192.168.0.10/build2/ ucs_4.1-0-ucs-school-4.1/all/ ucs-school-master 8.0.1-5.167.201601121627

Yet, this is what repo-ng says:

arequate@omar:~$ repo-stat.py ucs-school-master
[...]
8.0.1-6 imported on 2016-01-13 15:15:47.944194
Included in scope ucs-school-4.1 for release tag 4.1-0-0 (77644)

Last buildsystem mail was "Accepted ucs-school-metapackage 8.0.1-6", so I guess it has never been built. To keep bureaucracy at bay I did this:

arequate@dimma:~$ b41-scope ucs-school-4.1 ucs-school-metapackage
Verified: I tested with UCS@school 4.1 v1 on UCS 4.1-0 errata55 (official repos)

1. Setup: Multimaster with Samba/AD manually postinstalled on the Master.
* Existing msPrint-ConnectionPolicy has been automatically synchronized from Master Samba/AD to OpenLDAP during Master package upgrade.
* Existing msPrint-ConnectionPolicy has been automatically synchronized from Master OpenLDAP to Slave Samba/AD during Slave package upgrade.
* Existing msPrint-ConnectionPolicy has been automatically synchronized from Slave Samba/AD to OpenLDAP to Master Samba/AD during Slave package upgrade.
* Finally, the user-targeted GPO was applied to the pupil logging on to the Windows client. After working around Bug 40435 and rebooting, the machine-focussed GPO was applied as well and both printers got connected.

2. Setup: Singlemaster with Samba/AD
* Existing msPrint-ConnectionPolicy has been automatically synchronized from Master Samba/AD to OpenLDAP during Master package upgrade.
* User-targeted GPO was applied to the pupil logging on to the Windows client. After working around Bug 40435 and rebooting, the machine-focussed GPO was applied as well and both printers got connected.
UCS@school 4.1 v4 has been released. If this error occurs again, please use "Clone This Bug".