Univention Bugzilla – Bug 44073
Group blacklist for exam-master module
Last modified: 2020-10-02 10:12:14 CEST
Created attachment 8644 [details] exammode-ignore-groups.patch When exam users are created, all group memberships of the original user object are copied. At least one customer has additional group memberships for all UCS@school users that slow down until the exam mode fails (timeout occurs). The attached, untested patch implements a UCR variable that allows the admin to specify a regular expression of group DNs that are ignored during exam user creation. The patch logs if the UMC module was unable to compile the regexp (loglevel ERROR) and which groups have been ignored (loglevel INFO). Workaround: apply patch in production system: # cd /usr/share/pyshared/univention/management/console/modules/schoolexam-master # patch -p6 < /path/to/exammode-ignore-groups.patch
Created attachment 8645 [details] exammode-ignore-groups.patch (Version 2) Updated version
The regular expression has to be specified in UCR variable ucsschool/exam/group/ldap/blacklist/regex
The patch has been tested successfully in a customer environment and has therefore been applied to SVN. ucs-school-umc-exam.yaml: r78476 | Bug #44073: updated advisory ucs-school-umc-exam (6.0.11-1): r78475 | Bug #44073: added UCR variable ucsschool/exam/group/ldap/blacklist/regex Package: ucs-school-umc-exam Version: 6.0.11-1.131.201703291633 Branch: ucs_4.1-0 Scope: ucs-school-4.1r2 Advisory: """ * In some customer environments the UCS@school users are member of additional groups that are not required for exam users. Each additional group membership slows down the creation of exam users. Via the UCR variable <envar>ucsschool/exam/group/ldap/blacklist/regex</envar> a regular expression may be specified. Each matching group DN is blacklisted for exam users. The UCR variable has to be specified on DC master. """
OK: functional test: ----------------------------------------- root@sch-m4:~# ucr set ucsschool/exam/group/ldap/blacklist/regex='cn=SchuleEins-wg1,.*' root@sch-m4:~# udm groups/group list | grep cn=SchuleEins-wg1 DN: cn=SchuleEins-wg1,cn=schueler,cn=groups,ou=SchuleEins,dc=uni,dc=dtr root@sch-m4:~# getent group SchuleEins-wg1 SchuleEins-wg1:*:11269:staff1,student1,teacher1 root@sch-m4:~# /etc/init.d/univention-management-console-server restart /var/log/univention/management-console-module-schoolexam-master.log: 31.03.17 21:14:49.410 MODULE ( INFO ) : create_exam_user(): ignoring group 'cn=SchuleEins-wg1,cn=schueler,cn=groups,ou=SchuleEins,dc=uni,dc=dtr' as requested via regexp ----------------------------------------- r78568: wording The UCRV description in ucs-school-umc-exam-master.univention-config-registry-variables is missing. I guess this is intentional. If not, please reopen.
UCS@school 4.1 R2 v11 has been released. http://docs.software-univention.de/changelog-ucsschool-4.1R2v11-de.html If this error occurs again, please clone this bug.