Bug 41989 - Moving user from school A to B does not move its home directory to backup
Moving user from school A to B does not move its home directory to backup
Status: CLOSED FIXED
Product: UCS@school
Classification: Unclassified
Component: Listener modules
UCS@school 4.1 R2
Other Linux
: P5 minor (vote)
: UCS@school 4.1 R2 vXXX
Assigned To: Daniel Tröder
Florian Best
: interim-3
Depends on:
Blocks: 41990
  Show dependency treegraph
 
Reported: 2016-08-15 10:48 CEST by Sönke Schwardt-Krummrich
Modified: 2016-12-12 13:10 CET (History)
2 users (show)

See Also:
What kind of report is it?: Bug Report
What type of bug is this?: 1: Cosmetic issue or missing function but workaround exists
Who will be affected by this bug?: 3: Will affect average number of installed domains
How will those affected feel about the bug?: 2: A Pain – users won’t like this once they notice it
User Pain: 0.034
Enterprise Customer affected?:
School Customer affected?: Yes
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:


Attachments
patch (1.57 KB, patch)
2016-12-08 09:45 CET, Florian Best
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Sönke Schwardt-Krummrich univentionstaff 2016-08-15 10:48:45 CEST
By default, the users home directory is moved by the listener module
remove-old-homedirs.py into a backup directory if the user is deleted. Since UCS@school 4.1 R2 the users may be moved between schools but the listener module does not cover this. Therefore the home directory are kept.
Comment 1 Markus Dählmann 2016-11-15 17:51:21 CET
This was fixed in our environment with the latest fixes on the directory listener.
Comment 2 Daniel Tröder univentionstaff 2016-11-21 13:45:53 CET
r74631: add test for deletion of users home directory by listener module, tests if home is also removed if user is not deleted, but moved to another OU
r74639: cleanup and simplify code, use Python to check file system
r74640: remove home is user is removed from school (adapt to ou-overlapping users)
r74641: advisory

New ucs-test 90_ucsschool/132_remove-old-homedirs fails with ucs-school-old-homedirs version before 11.0.0-2.
Comment 3 Daniel Tröder univentionstaff 2016-11-22 08:42:54 CET
r74658: don't log complete traceback in case the LDAP server cannot be reached or the credentials are wrong

In the case of a (re)join, the join.log is needlessly filled with tracebacks, which all start at handler() and end in get_my_ous()→getMachineConnection().
Comment 4 Florian Best univentionstaff 2016-12-02 15:00:45 CET
I have two points I'm unsure about:

-filter = '(objectClass=posixAccount)'
+filter = '(objectClass=ucsschoolType)'
-attributes = []
+attributes = ["ucsschoolSchool"]

This prevents the listener from being executed for regular non-ucs-school users or users which aren't yet migrated (which is okay because 4.1 is out of maintenance since yesterday).
@Sönke: Please decide here.

And the ldap connection is done for each object instead of only once. You can have a look at ucs-school-webproxy/pupilgroups.py how I implemented it there to use prerun() and postrun().
Comment 5 Daniel Tröder univentionstaff 2016-12-04 09:42:53 CET
(In reply to Florian Best from comment #4)
> -attributes = []
> +attributes = ["ucsschoolSchool"]
This is necessary for this bug to be resolved at all.

> And the ldap connection is done for each object instead of only once. You
> can have a look at ucs-school-webproxy/pupilgroups.py how I implemented it
> there to use prerun() and postrun().
Very nice.

74952: also handle non-school users
74954: reuse LDAP connection
Comment 6 Florian Best univentionstaff 2016-12-08 09:45:27 CET
Created attachment 8293 [details]
patch

(In reply to Daniel Tröder from comment #5)
> 74952: also handle non-school users
This still doesn't work as the attribute ucsschoolSchools is checked which gloabal users doesn't have.
> 74954: reuse LDAP connection
This still does an ldap call for each object instead of one for all.

Attached is a patch which addresses both issues.
Comment 7 Florian Best univentionstaff 2016-12-08 12:14:21 CET
Forget my patch!
I think you can revert r74640 r74658 r74952 r74954.
This bug is already fixed by Bug #32685.
The ucsschoolSchool attribute doesn't need to be checked because if the user is not part of the local school anymore the listener doesn't have access to it and no handler is ever called.
Comment 8 Daniel Tröder univentionstaff 2016-12-08 15:01:32 CET
r75123: univention-directory-listener issues command='d' now, when a user is moved out of the local LDAPs reach, so no need to handle a school change with special code anymore. Most code changes were reverted, except for some cleanup.
r75124: advisory update
Comment 9 Florian Best univentionstaff 2016-12-08 16:51:36 CET
OK: revert
OK: compatible to old behavior
OK: YAML (adjusted in r75131)
Comment 10 Sönke Schwardt-Krummrich univentionstaff 2016-12-12 13:10:10 CET
UCS@school 4.1 R2 v9 has been released.

http://docs.software-univention.de/changelog-ucsschool-4.1R2v9-de.html