Univention Bugzilla – Bug 44225
(4.2) OX activated exam-user creates s4 tracebacks
Last modified: 2017-06-23 13:32:26 CEST
The customer reported that an S4-Connector-Reject is created by the exam-user, if the original-user is an activated ox-user. The customer presumed that this behaviour is produced, because the mailPrimaryAddress attribut is deleted for the exam mode and the exam-user gets the same oxDisplayName as the original-user Creating the exam-user without mail-account does not really work. The mail account is created anyway.
02.04.2017 16:18:48,805 LDAP (PROCESS): sync to ucs: [ user] [ modify] uid=exam-foobar,cn=examusers,ou=school1,dc=example,dc=com 02.04.2017 16:18:51,929 LDAP (ERROR ): Unknown Exception during sync_to_ucs 02.04.2017 16:18:51,929 LDAP (ERROR ): Traceback (most recent call last): File "/usr/lib/pymodules/python2.7/univention/s4connector/__init__.py", line 1493, in sync_to_ucs result = self.modify_in_ucs(property_type, object, module, position) File "/usr/lib/pymodules/python2.7/univention/s4connector/__init__.py", line 1276, in modify_in_ucs return ucs_object.modify() and self.__modify_custom_attributes(property_type, object, ucs_object, module, position) File "/usr/lib/pymodules/python2.7/univention/admin/handlers/users/user.py", line 1532, in modify return super(object, self).modify(*args, **kwargs) File "/usr/lib/pymodules/python2.7/univention/admin/handlers/__init__.py", line 317, in modify return self._modify(modify_childs, ignore_license=ignore_license) File "/usr/lib/pymodules/python2.7/univention/admin/handlers/__init__.py", line 796, in _modify self.call_udm_property_hook('hook_ldap_pre_modify', self) File "/usr/lib/pymodules/python2.7/univention/admin/handlers/__init__.py", line 639, in call_udm_property_hook func(module) File "/usr/lib/pymodules/python2.7/univention/admin/hooks.d/oxAccess.py", line 197, in hook_ldap_pre_modify self.check_mailaddr(module) File "/usr/lib/pymodules/python2.7/univention/admin/hooks.d/oxAccess.py", line 91, in check_mailaddr raise univention.admin.uexceptions.valueError(_("The primary mail address is required for Open-Xchange users. Currently the users' primary mail address is not set.")) valueError: The primary mail address is required for Open-Xchange users. Currently the users' primary mail address is not set.
The ext attribute "isOxUser" must be unset on the exam-user.
Sorry - accidentally fixed it in 4.2 first. Cloned the bug for the original 4.1r2 to Bug #44408. =========================================================== r78833: run hooks on the master before creating ExamUsers run-parts on /usr/share/ucs-school-exam-master/hooks/create_exam_user_pre.d This is used by univention-ox' 10exam_user_not_ox_user: r78834: install pre-create hook for UCS@school to prevent activating OX for exam users This hook interface can be used by other apps that install problematic extended attributes, too. Package: ucs-school-umc-exam Version: 7.0.3-4A~4.2.0.201704191506 Branch: ucs_4.2-0 Scope: ucs-school-4.2 Package: univention-ox Version: 9.0.1-16A~4.2.0.201704191509 Branch: ucs_4.2-0 Scope: oxse4ucs
The hook script 10exam_user_not_ox_user is installed by package univention-ox on the OX system. The UCS@school exam-mode call the hooks always on the DC master. So I don't think this will always work. I would suggest to move the hook script to package ucs-school-umc-exam-master, so univention-ox is left untouched and UCS@school brings everything required with it and there is no cross dependency. Btw: how big is the slow down when creating exam-users by adding a additional exam hook script?
(In reply to Sönke Schwardt-Krummrich from comment #4) > Btw: how big is the slow down when creating exam-users by adding a > additional exam hook script? The pre create hooks code was changed to run only if there are hooks in the file system. When there are non, it will cost only a single filesystem access (os.listdir() call is cached for the session/lifetime of the UMC module). r79603: dump AL and start run-parts for pre create hooks only if there are any hooks (In reply to Sönke Schwardt-Krummrich from comment #4) > The hook script 10exam_user_not_ox_user is installed by package > univention-ox on the OX system. The UCS@school exam-mode call the hooks > always on the DC master. So I don't think this will always work. Yes, this is a problem. > I would suggest to move the hook script to package > ucs-school-umc-exam-master, so univention-ox is left untouched and > UCS@school brings everything required with it and there is no cross > dependency. This would mean that in all school installations - regardless if OX is installed or not - the exam mode would run the pre create hook. I see a few possible solutions: 1. create a new ucs-school-ox-support package, and tell ucs@school customers about it 2. add it to univention-ox-dependencies-master - but master-packages are already considered deprecated by the app center team 3. expand the hook-interface to ask each hook if its pre-conditions are met, and not run them if they are not (would be cached for the session/lifetime of the UMC module) 4. always install the hook and make the exam mode startup slower by 2 cPickle calls per user Order of my preference is 1, 3, 4, 2. IMHO 1. is also correct, because it is not OX' "fault", that u@s clones a user, and not all u@s installations use OX. Such a ox-with-school support package might in the future become necessary anyway.
We will implement 1. (ucs-school-ox-support package) and convert the hooks to Python based hooks (not run-parts) for better speed.
* The PyHook code that had been created for the new import, has been moved to the ucsschool.lib. * The exam package now uses it to load and run exam user pre-create hooks. * A new package was created: ucs-school-ox-support. It will help integrate Open-Xchange in UCS@school environments. For now it only installs a hook to prevent the creation of temporary exam users with Open-Xchange accounts. 79711: move PyHook code from import to ucsschool.lib 79712: run pre-create hooks through ExamUserPyHook interface 79713: add exam user pre-create hook 79714: advisories Branch: ucs_4.2-0 Scope: ucs-school-4.2 Package: ucs-school-lib Version: 10.0.2-3A~4.2.0.201705291401 Package: ucs-school-import Version: 15.0.0-4A~4.2.0.201705291403 Package: ucs-school-umc-exam Version: 7.0.4-8A~4.2.0.201705291404 Package: ucs-school-ox-support Version: 1.0.0-1A~4.2.0.201705291408
QA: the file /usr/share/ucs-school-exam-master/pyhooks/create_exam_user_pre/exam_user_not_ox_user.py must be installed on the DC master. Currently the package ucs-school-ox-support doesn't make sure of this in a technical way. The existence, purpose and installation target of this package will be communicated to UCS@school customers. So I assume that is enough. Reopen, if you think it should depend on univention-server-master or ucs-school-master or ucs-school-singlemaster.
The old, now removed, hook mechanism is not used in the wild or documented anywhere?
The place and API of the documented import hook mechanism is left untouched: http://docs.software-univention.de/ucsschool-import-handbuch-4.1R2.html#extending:hooks -> from ucsschool.importer.utils.user_pyhook import UserPyHook UserPyHooks base class changed, but its modules place, name and API is unchanged.
I forgot to remove the hook from the ox integration package. r79942: move exam hook to ucs-school-ox-support package Package: univention-ox Version: 9.0.1-34A~4.2.0.201705301329 Branch: ucs_4.2-0 Scope: oxse4ucs
If the additional package is not installed you will receive a traceback and no exam user at all is created: Execution of command 'schoolexam-master/create-exam-user' has failed: Traceback (most recent call last): File "/usr/lib/pymodules/python2.7/univention/management/console/base.py", line 281, in execute function(self, request) File "/usr/lib/pymodules/python2.7/univention/management/console/modules/decorators.py", line 190, in _response return function(self, request) File "/usr/lib/pymodules/python2.7/ucsschool/lib/schoolldap.py", line 145, in wrapper_func return func(*args, **kwargs) File "/usr/lib/pymodules/python2.7/univention/management/console/modules/schoolexam-master/__init__.py", line 311, in create_exam_user al = self.run_pre_create_hooks(exam_user_dn, al, ldap_admin_write) File "/usr/lib/pymodules/python2.7/univention/management/console/modules/schoolexam-master/__init__.py", line 444, in run_pre_create_hooks for hook in cls._pre_create_hooks['pre_create']: KeyError: 'pre_create'
r80003: fix KeyError if no hook is installed r80004: advisory update
OK: exam users can be created with OX and s4-connector OK: fix w/o ucs-school-ox-support OK: YAML
UCS@school 4.2 v2 has been released. http://docs.software-univention.de/changelog-ucsschool-4.2v2-de.html If this error occurs again, please clone this bug.