The package ucs-school-netlogon-user-logonscripts has to be adjusted to work with the new attributes/object classes. The listener module ucs-school-user-logonscript.py uses a regex for a DN to check if the user is a teacher or staff. Also all ldap filters in there aren't properly escaped.
The DN is still checked (for backwards compatibility) (also via UCR variable ucsschool/userlogon/umclink/re). The new UCR variable ucsschool/userlogon/umclink/filter defines the ldap filter which is used if the dn does not match. The filter defaults to (|(objectClass=ucsschoolTeacher)(objectClass=ucsschoolStaff)). ucs-school-netlogon-user-logonscripts (12.0.1-1): r69417 | Bug #41304: autopep8 r69416 | Bug #41304: use objectClass=ucsschoolTeacher / ucsschoolStaff for detection of teachers
Please check if the order is okay: Currently first the DN is checked and then the LDAP search is done.
Code: OK Manual test: OK: # cp /usr/lib/univention-directory-listener/system/ucs-school-user-logonscript.py /tmp/logonscript.py # python import sys sys.path.append("/tmp") from logonscript import * key = "Marktplatz" server = listener.baseConfig.get('ucsschool/userlogon/commonshares/server/%s' % key) letter = listener.baseConfig.get('ucsschool/userlogon/commonshares/letter/%s' % key, '').replace(':', '') globalLinks = {key: {'server': server, 'letter': letter}} desktopFolderName = "Eigene Shares" mappings = globalLinks links = {"Marktplatz": "sch-m"} dn = "uid=g.krause1,cn=mitarbeiter,cn=users,ou=schule1,dc=uni,dc=dtr" "Univention Management Console" in generateWindowsLinkScript(desktopFolderName, links, mappings, dn).replace('\n', '\r\n') → True dn = "uid=d.lehmann1,cn=lehrer,cn=users,ou=gsmitte,dc=uni,dc=dtr" "Univention Management Console" in generateWindowsLinkScript(desktopFolderName, links, mappings, dn).replace('\n', '\r\n') → True dn = "uid=anton3,cn=schueler,cn=users,ou=gsmitte,dc=uni,dc=dtr" "Univention Management Console" in generateWindowsLinkScript(desktopFolderName, links, mappings, dn).replace('\n', '\r\n') → False Then the same was run after editing /tmp/logonscript.py: --- #is_teacher = reTeacher.match(dn) is_teacher = False --- Thus forcing the detection to use LDAP queries and not RE on the dn. → same result OK: distinguished Teachers, Staff and Students with both methods.
Please change the detection order: LDAP query first.
(In reply to Daniel Tröder from comment #4) > Please change the detection order: LDAP query first. done ucs-school-netlogon-user-logonscripts (12.0.2-1): r70260 | Bug #41304: adjust order of detecting teachers
ucs-school-netlogon-user-logonscripts.yaml: r70261 | YAML Bug #41304
*** Bug 41384 has been marked as a duplicate of this bug. ***
OK: order changed OK: crash fixed
UCS@school 4.1 R2 has been released: http://docs.software-univention.de/release-notes-ucsschool-4.1R2v1-de.pdf If this error occurs again, please use "Clone This Bug".