Univention Bugzilla – Bug 41989
Moving user from school A to B does not move its home directory to backup
Last modified: 2016-12-12 13:10:10 CET
By default, the users home directory is moved by the listener module remove-old-homedirs.py into a backup directory if the user is deleted. Since UCS@school 4.1 R2 the users may be moved between schools but the listener module does not cover this. Therefore the home directory are kept.
This was fixed in our environment with the latest fixes on the directory listener.
r74631: add test for deletion of users home directory by listener module, tests if home is also removed if user is not deleted, but moved to another OU r74639: cleanup and simplify code, use Python to check file system r74640: remove home is user is removed from school (adapt to ou-overlapping users) r74641: advisory New ucs-test 90_ucsschool/132_remove-old-homedirs fails with ucs-school-old-homedirs version before 11.0.0-2.
r74658: don't log complete traceback in case the LDAP server cannot be reached or the credentials are wrong In the case of a (re)join, the join.log is needlessly filled with tracebacks, which all start at handler() and end in get_my_ous()→getMachineConnection().
I have two points I'm unsure about: -filter = '(objectClass=posixAccount)' +filter = '(objectClass=ucsschoolType)' -attributes = [] +attributes = ["ucsschoolSchool"] This prevents the listener from being executed for regular non-ucs-school users or users which aren't yet migrated (which is okay because 4.1 is out of maintenance since yesterday). @Sönke: Please decide here. And the ldap connection is done for each object instead of only once. You can have a look at ucs-school-webproxy/pupilgroups.py how I implemented it there to use prerun() and postrun().
(In reply to Florian Best from comment #4) > -attributes = [] > +attributes = ["ucsschoolSchool"] This is necessary for this bug to be resolved at all. > And the ldap connection is done for each object instead of only once. You > can have a look at ucs-school-webproxy/pupilgroups.py how I implemented it > there to use prerun() and postrun(). Very nice. 74952: also handle non-school users 74954: reuse LDAP connection
Created attachment 8293 [details] patch (In reply to Daniel Tröder from comment #5) > 74952: also handle non-school users This still doesn't work as the attribute ucsschoolSchools is checked which gloabal users doesn't have. > 74954: reuse LDAP connection This still does an ldap call for each object instead of one for all. Attached is a patch which addresses both issues.
Forget my patch! I think you can revert r74640 r74658 r74952 r74954. This bug is already fixed by Bug #32685. The ucsschoolSchool attribute doesn't need to be checked because if the user is not part of the local school anymore the listener doesn't have access to it and no handler is ever called.
r75123: univention-directory-listener issues command='d' now, when a user is moved out of the local LDAPs reach, so no need to handle a school change with special code anymore. Most code changes were reverted, except for some cleanup. r75124: advisory update
OK: revert OK: compatible to old behavior OK: YAML (adjusted in r75131)
UCS@school 4.1 R2 v9 has been released. http://docs.software-univention.de/changelog-ucsschool-4.1R2v9-de.html