Bug 44225 - (4.2) OX activated exam-user creates s4 tracebacks
(4.2) OX activated exam-user creates s4 tracebacks
Status: CLOSED FIXED
Product: UCS@school
Classification: Unclassified
Component: UMC - Exam mode
UCS@school 4.2
Other Linux
: P5 normal (vote)
: UCS@school 4.2 v2
Assigned To: Daniel Tröder
Florian Best
:
Depends on:
Blocks: 44408
  Show dependency treegraph
 
Reported: 2017-04-03 12:58 CEST by Christina Scheinig
Modified: 2017-06-23 13:32 CEST (History)
3 users (show)

See Also:
What kind of report is it?: Bug Report
What type of bug is this?: 5: Major Usability: Impairs usability in key scenarios
Who will be affected by this bug?: 2: Will only affect a few installed domains
How will those affected feel about the bug?: 4: A User would return the product
User Pain: 0.229
Enterprise Customer affected?: Yes
School Customer affected?: Yes
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number: 2017040321000425
Bug group (optional): API change
Max CVSS v3 score:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Christina Scheinig univentionstaff 2017-04-03 12:58:13 CEST
The customer reported that an S4-Connector-Reject is created by the exam-user, if the original-user is an activated ox-user.

The customer presumed that this behaviour is produced, because the mailPrimaryAddress attribut is deleted for the exam mode and the exam-user gets the same oxDisplayName as the original-user

Creating the exam-user without mail-account does not really work. The mail account is created anyway.
Comment 1 Sönke Schwardt-Krummrich univentionstaff 2017-04-03 13:05:51 CEST
02.04.2017 16:18:48,805 LDAP        (PROCESS): sync to ucs:   [          user] [    modify] uid=exam-foobar,cn=examusers,ou=school1,dc=example,dc=com
02.04.2017 16:18:51,929 LDAP        (ERROR  ): Unknown Exception during sync_to_ucs
02.04.2017 16:18:51,929 LDAP        (ERROR  ): Traceback (most recent call last):
  File "/usr/lib/pymodules/python2.7/univention/s4connector/__init__.py", line 1493, in sync_to_ucs
    result = self.modify_in_ucs(property_type, object, module, position)
  File "/usr/lib/pymodules/python2.7/univention/s4connector/__init__.py", line 1276, in modify_in_ucs
    return ucs_object.modify() and self.__modify_custom_attributes(property_type, object, ucs_object, module, position)
  File "/usr/lib/pymodules/python2.7/univention/admin/handlers/users/user.py", line 1532, in modify
    return super(object, self).modify(*args, **kwargs)
  File "/usr/lib/pymodules/python2.7/univention/admin/handlers/__init__.py", line 317, in modify
    return self._modify(modify_childs, ignore_license=ignore_license)
  File "/usr/lib/pymodules/python2.7/univention/admin/handlers/__init__.py", line 796, in _modify
    self.call_udm_property_hook('hook_ldap_pre_modify', self)
  File "/usr/lib/pymodules/python2.7/univention/admin/handlers/__init__.py", line 639, in call_udm_property_hook
    func(module)
  File "/usr/lib/pymodules/python2.7/univention/admin/hooks.d/oxAccess.py", line 197, in hook_ldap_pre_modify
    self.check_mailaddr(module)
  File "/usr/lib/pymodules/python2.7/univention/admin/hooks.d/oxAccess.py", line 91, in check_mailaddr
    raise univention.admin.uexceptions.valueError(_("The primary mail address is required for Open-Xchange users. Currently the users' primary mail address is not set."))
valueError: The primary mail address is required for Open-Xchange users. Currently the users' primary mail address is not set.
Comment 2 Daniel Tröder univentionstaff 2017-04-03 16:22:16 CEST
The ext attribute "isOxUser" must be unset on the exam-user.
Comment 3 Daniel Tröder univentionstaff 2017-04-19 15:10:45 CEST
Sorry - accidentally fixed it in 4.2 first. Cloned the bug for the original 4.1r2 to Bug #44408.

===========================================================

r78833: run hooks on the master before creating ExamUsers

run-parts on /usr/share/ucs-school-exam-master/hooks/create_exam_user_pre.d

This is used by univention-ox' 10exam_user_not_ox_user:

r78834: install pre-create hook for UCS@school to prevent activating OX for exam users

This hook interface can be used by other apps that install problematic extended attributes, too.

Package: ucs-school-umc-exam
Version: 7.0.3-4A~4.2.0.201704191506
Branch: ucs_4.2-0
Scope: ucs-school-4.2

Package: univention-ox
Version: 9.0.1-16A~4.2.0.201704191509
Branch: ucs_4.2-0
Scope: oxse4ucs
Comment 4 Sönke Schwardt-Krummrich univentionstaff 2017-05-23 23:16:36 CEST
The hook script 10exam_user_not_ox_user is installed by package univention-ox on the OX system. The UCS@school exam-mode call the hooks always on the DC master. So I don't think this will always work.

I would suggest to move the hook script to package ucs-school-umc-exam-master, so univention-ox is left untouched and UCS@school brings everything required with it and there is no cross dependency.

Btw: how big is the slow down when creating exam-users by adding a additional exam hook script?
Comment 5 Daniel Tröder univentionstaff 2017-05-24 10:02:57 CEST
(In reply to Sönke Schwardt-Krummrich from comment #4)
> Btw: how big is the slow down when creating exam-users by adding a
> additional exam hook script?
The pre create hooks code was changed to run only if there are hooks in the file system. When there are non, it will cost only a single filesystem access (os.listdir() call is cached for the session/lifetime of the UMC module).

r79603: dump AL and start run-parts for pre create hooks only if there are any hooks

(In reply to Sönke Schwardt-Krummrich from comment #4)
> The hook script 10exam_user_not_ox_user is installed by package
> univention-ox on the OX system. The UCS@school exam-mode call the hooks
> always on the DC master. So I don't think this will always work.
Yes, this is a problem.

> I would suggest to move the hook script to package
> ucs-school-umc-exam-master, so univention-ox is left untouched and
> UCS@school brings everything required with it and there is no cross
> dependency.
This would mean that in all school installations - regardless if OX is installed or not - the exam mode would run the pre create hook.

I see a few possible solutions:
1. create a new ucs-school-ox-support package, and tell ucs@school customers about it
2. add it to univention-ox-dependencies-master - but master-packages are already considered deprecated by the app center team
3. expand the hook-interface to ask each hook if its pre-conditions are met, and not run them if they are not (would be cached for the session/lifetime of the UMC module)
4. always install the hook and make the exam mode startup slower by 2 cPickle calls per user

Order of my preference is 1, 3, 4, 2.

IMHO 1. is also correct, because it is not OX' "fault", that u@s clones a user, and not all u@s installations use OX. Such a ox-with-school support package might in the future become necessary anyway.
Comment 6 Daniel Tröder univentionstaff 2017-05-24 17:05:30 CEST
We will implement 1. (ucs-school-ox-support package) and convert the hooks to Python based hooks (not run-parts) for better speed.
Comment 7 Daniel Tröder univentionstaff 2017-05-29 14:15:26 CEST
* The PyHook code that had been created for the new import, has been moved to the ucsschool.lib.
* The exam package now uses it to load and run exam user pre-create hooks.
* A new package was created: ucs-school-ox-support. It will help integrate Open-Xchange in UCS@school environments. For now it only installs a hook to prevent the creation of temporary exam users with Open-Xchange accounts.


79711: move PyHook code from import to ucsschool.lib
79712: run pre-create hooks through ExamUserPyHook interface
79713: add exam user pre-create hook
79714: advisories


Branch: ucs_4.2-0
Scope: ucs-school-4.2

Package: ucs-school-lib
Version: 10.0.2-3A~4.2.0.201705291401

Package: ucs-school-import
Version: 15.0.0-4A~4.2.0.201705291403

Package: ucs-school-umc-exam
Version: 7.0.4-8A~4.2.0.201705291404

Package: ucs-school-ox-support
Version: 1.0.0-1A~4.2.0.201705291408
Comment 8 Daniel Tröder univentionstaff 2017-05-29 15:01:31 CEST
QA: the file /usr/share/ucs-school-exam-master/pyhooks/create_exam_user_pre/exam_user_not_ox_user.py must be installed on the DC master. Currently the package ucs-school-ox-support doesn't make sure of this in a technical way.

The existence, purpose and installation target of this package will be communicated to UCS@school customers. So I assume that is enough. Reopen, if you think it should depend on univention-server-master or ucs-school-master or ucs-school-singlemaster.
Comment 9 Florian Best univentionstaff 2017-05-29 17:58:44 CEST
The old, now removed, hook mechanism is not used in the wild or documented anywhere?
Comment 10 Daniel Tröder univentionstaff 2017-05-30 10:10:40 CEST
The place and API of the documented import hook mechanism is left untouched: http://docs.software-univention.de/ucsschool-import-handbuch-4.1R2.html#extending:hooks

-> from ucsschool.importer.utils.user_pyhook import UserPyHook

UserPyHooks base class changed, but its modules place, name and API is unchanged.
Comment 11 Daniel Tröder univentionstaff 2017-05-30 13:29:45 CEST
I forgot to remove the hook from the ox integration package.

r79942: move exam hook to ucs-school-ox-support package

Package: univention-ox
Version: 9.0.1-34A~4.2.0.201705301329
Branch: ucs_4.2-0
Scope: oxse4ucs
Comment 12 Florian Best univentionstaff 2017-06-01 17:21:43 CEST
If the additional package is not installed you will receive a traceback and no exam user at all is created:

Execution of command 'schoolexam-master/create-exam-user' has failed:

Traceback (most recent call last):
  File "/usr/lib/pymodules/python2.7/univention/management/console/base.py", line 281, in execute
    function(self, request)
  File "/usr/lib/pymodules/python2.7/univention/management/console/modules/decorators.py", line 190, in _response
    return function(self, request)
  File "/usr/lib/pymodules/python2.7/ucsschool/lib/schoolldap.py", line 145, in wrapper_func
    return func(*args, **kwargs)
  File "/usr/lib/pymodules/python2.7/univention/management/console/modules/schoolexam-master/__init__.py", line 311, in create_exam_user
    al = self.run_pre_create_hooks(exam_user_dn, al, ldap_admin_write)
  File "/usr/lib/pymodules/python2.7/univention/management/console/modules/schoolexam-master/__init__.py", line 444, in run_pre_create_hooks
    for hook in cls._pre_create_hooks['pre_create']:
KeyError: 'pre_create'
Comment 13 Daniel Tröder univentionstaff 2017-06-02 09:08:22 CEST
r80003: fix KeyError if no hook is installed
r80004: advisory update
Comment 14 Florian Best univentionstaff 2017-06-02 10:12:49 CEST
OK: exam users can be created with OX and s4-connector
OK: fix w/o ucs-school-ox-support
OK: YAML
Comment 15 Sönke Schwardt-Krummrich univentionstaff 2017-06-23 13:32:26 CEST
UCS@school 4.2 v2 has been released.

http://docs.software-univention.de/changelog-ucsschool-4.2v2-de.html

If this error occurs again, please clone this bug.