Univention Bugzilla – Bug 40870
ucs-school-lib does not support school change for users
Last modified: 2016-10-04 13:24:45 CEST
The ucs-school-lib does not support school changes for users. This is currently deactivated/ignored within the code and needs to be implemented for customer projects and UCS@school 4.1R2.
I don't understand what "does not support school changes for users" means.
It is currently not possible to move a user to another OU due to a school change. AFAIK changes of the school attribute of a Student/Teacher/Staff object are silently ignored.
We only need the change for the lib.models not for the wizards, right?
(In reply to Florian Best from comment #3) > We only need the change for the lib.models not for the wizards, right? Correct.
So basically the following steps have to be done: * locate all classes and workgroups the user is in and remove her from them * create all classes/workgroups in the other school if not exists over there * put user into these classes/workgroups * remove the exam user of that user if exists * remove user from the current active internetsettings in the computerroom Anything else?
The home directory will also be changed. What about the old home directory?
What about the departmentNumber attribute?
Should the sambaHomePath also be changed if the new school is on another server?
It is now possible to move users into other schools (OU's). This can be achieved by the following pseudo code: >>> user = ucsschool.lib.models.User.from_dn(dn, school, lo) >>> user.school = 'new_school' >>> user.move() Therefore hook scripts for the 'move' operation are also executed. The build CSV lines start with 'MV'. If this is a problem (because of 2 letters instead of 1) please give me an alternative "code". If the new school doesn't exists simply nothing is done. If the user is a student and has an exam user this exam user gets removed. All groups of the user are preserved except the workgroups, classes and school specific groups of the old school. If the user is part of a class or workgroup this group is created (without further attributes, replacing the OU prefix) in the new school - if not yet exists. The primary group gets changed from e.g. "Domain Users old school" to "Domain Users new school". The attribute departmentNumber is changed to the new school if it is the OU name (not the display name) of the new school. The following attributes will be reset to the defaults: homeDirectory sambaHomeDrive sambaHomePath sambaLogonScript sambaProfilePath Therefore this code should only be executed on a master because the above attributes depend on UCR variables which aren't necessarily set on a slave or differ per school-server. ucs-school-lib (8.0.3-1): r68261 | Bug #40870: support to change the school of a user ucs-school-lib.yaml: r68263 | YAML Bug #40870 ucs-test-ucsschool (3.0.5-25): r68262 | Bug #40870: add skeleton 80_move_users_into_another_ou A base for a test script has also been added. I will further improve this somewhen.
Going to move 'uid=j0r2tjrjmg,cn=mitarbeiter,cn=users,ou=aaaaa,dc=nstx,dc=local' from school 'bbbbb' to 'aaaaa' Looking up BasicGroup with dn 'cn=mitarbeiter-aaaaa,cn=groups,ou=aaaaa,dc=nstx,dc=local' Looking up BasicGroup with dn 'cn=mitarbeiter-aaaaa,cn=groups,dc=nstx,dc=local' No group 'cn=mitarbeiter-aaaaa,cn=groups,dc=nstx,dc=local' found. Creating Container(name='groups', school='', dn='cn=groups,dc=nstx,dc=local') Getting BasicGroup UDM object by filter: name=mitarbeiter-aaaaa Looking up BasicGroup with dn 'cn=mitarbeiter-aaaaa,cn=groups,ou=aaaaa,dc=nstx,dc=local' Removing 'uid=j0r2tjrjmg,cn=lehrer und mitarbeiter,cn=users,ou=bbbbb,dc=nstx,dc=local' from 'cn=mitarbeiter-aaaaa,cn=groups,ou=aaaaa,dc=nstx,dc=local' Modifying BasicGroup(name='mitarbeiter-aaaaa', dn='cn=mitarbeiter-aaaaa,cn=groups,ou=aaaaa,dc=nstx,dc=local') Getting BasicGroup UDM object by filter: name=mitarbeiter-aaaaa BasicGroup(name='mitarbeiter-aaaaa', dn='cn=mitarbeiter-aaaaa,cn=groups,ou=aaaaa,dc=nstx,dc=local') successfully modified Looking up BasicGroup with dn 'cn=Domain Users aaaaa,cn=groups,ou=aaaaa,dc=nstx,dc=local' Looking up BasicGroup with dn 'cn=Domain Users aaaaa,cn=groups,dc=nstx,dc=local' No group 'cn=Domain Users aaaaa,cn=groups,dc=nstx,dc=local' found. Creating Container(name='groups', school='', dn='cn=groups,dc=nstx,dc=local') Getting BasicGroup UDM object by filter: name=Domain Users aaaaa Looking up BasicGroup with dn 'cn=Domain Users aaaaa,cn=groups,ou=aaaaa,dc=nstx,dc=local' Removing 'uid=j0r2tjrjmg,cn=lehrer und mitarbeiter,cn=users,ou=bbbbb,dc=nstx,dc=local' from 'cn=Domain Users aaaaa,cn=groups,ou=aaaaa,dc=nstx,dc=local' Modifying BasicGroup(name='Domain Users aaaaa', dn='cn=Domain Users aaaaa,cn=groups,ou=aaaaa,dc=nstx,dc=local') Getting BasicGroup UDM object by filter: name=Domain Users aaaaa BasicGroup(name='Domain Users aaaaa', dn='cn=Domain Users aaaaa,cn=groups,ou=aaaaa,dc=nstx,dc=local') successfully modified Getting TeachersAndStaff UDM object by filter: username=j0r2tjrjmg Setting ucsschool/ldap/noneducational/create/objects *** Cleanup after exception: <class 'univention.testing.utils.LDAPObjectValueMissing'> DN: uid=j0r2tjrjmg,cn=lehrer und mitarbeiter,cn=users,ou=bbbbb,dc=nstx,dc=local homeDirectory: ['/home/bbbbb/lehrer/j0r2tjrjmg'], missing: '/home/bbbbb/mitarbeiter/j0r2tjrjmg' ---[ucs-school-4.1r2/ucs-school-lib/python/models/base.py]--- def do_move(self, udm_obj, lo): udm_obj.move(self.dn, ignore_license=1) old_school, new_school = SchoolSearchBase.getOU(self.old_dn), SchoolSearchBase.getOU(self.dn) if self.supports_school() and old_school and old_school != new_school: self.do_school_change(udm_obj, lo, old_school) def do_school_change(self, udm_obj, lo, old_school): logger.info('Going to move %r from school %r to %r', self.old_dn, self.school, old_school) ---[cut]--- I'm confused about the log messages and the code: 1) according to first debug message, the user is moved from "bbbbb" to "aaaaa" but the DN suggests that "aaaaa" is the OLD school → what is correct? 2) according to first debug message, the user is moved from "bbbbb" to "aaaaa" and the following debug lines always check/modify/create in "aaaaa" and remove the user from "bbbbb", but the code suggests that "aaaaa" is the "old_school" → what is correct?
I am currently unsure if the API for changing is the school was chosen best. So I changes it into: >>> user = ucsschool.lib.models.User.from_dn(dn, school, lo) >>> user.change_school('new_school', lo) This is more explicit and prevents accidental implicit moving due to programmatic errors (aka. setting a wrong school attribute). It is also in our control how the moving is done (e.g. with modify() or with move(), etc.) Is there a use case for moving the user to school-B but keep him at school-A? Currently the user is removed from the old school. No respect of school-overlapping users. Do you have some ideas to implement this ala. user.change_schools(['a', 'b'], location='cn=users,ou=b,$base') ? * The log messages have been cleaned up * There was also an error for non-{rooms,class,work}groups which were bound to a school. The code creates such groups in the other school but failed because it created them underneath of cn=groups,$ldap_base. r69855 | Bug #40870: fix group creation when moving school user
When moving a user, the user-type specific group is lost: 'cn=schueler-<ou>,cn=groups,ou=<ou>,<base>' 'cn=lehrer-<ou>,cn=groups,ou=<ou>,<base>' 'cn=mitarbeiter-<ou>,cn=groups,ou=<ou>,<base>' Can be tested with 90_ucsschool/80_move_users_into_another_ou or manually: schule = "f40hqosapk" anton12 = Student(name="anton12", firstname="Anton", lastname="Banton", school=schule) anton12.create(lo) → has 2 groups: ['cn=Domain Users f40hqosapk,cn=groups,ou=f40hqosapk,dc=nstx,dc=local', 'cn=schueler-f40hqosapk,cn=groups,ou=f40hqosapk,dc=nstx,dc=local'] schule2 = "MySchool" anton12.change_school(schule2, lo) anton12 = Student.from_dn(anton12.dn, schule2, lo) anton12.get_udm_object(lo)['groups'] → has 'cn=Domain Users myschool,cn=groups,ou=MySchool,<basedn>' but not 'cn=schueler-myschool,cn=groups,ou=MySchool,<basedn>'
ucs-school-lib (9.0.20-11): r71052 | Bug #40870: fix groups of user when moving user
OK: Code OK: advisory OK: manual test OK: automated test
*** Bug 42443 has been marked as a duplicate of this bug. ***
*** Bug 42445 has been marked as a duplicate of this bug. ***
UCS@school 4.1 R2 v5 has been released. http://docs.software-univention.de/changelog-ucsschool-4.1R2v5-de.html If this error occurs again, please clone this bug.