Bug 49448 – [4.3] No access verwaltungsserver of second school for user

Bug 49448 - [4.3] No access verwaltungsserver of second school for user


Summary:	[4.3] No access verwaltungsserver of second school for user

Status:	CLOSED FIXED

Product:	UCS@school
Classification:	Unclassified
Component:	LDAP
Version:	UCS@school 4.3
Hardware:	amd64 Linux

Importance:	P5 minor (vote)
Target Milestone:	UCS@school 4.3 v9
Assigned To:	Sönke Schwardt-Krummrich
QA Contact:	Ole Schwiegert

URL:
Keywords:

Depends on:	48924
Blocks:
	Show dependency tree / graph

Reported:	2019-05-10 17:02 CEST by Sönke Schwardt-Krummrich
Modified:	2019-05-20 14:14 CEST (History)
CC List:	5 users (show)

See Also:
What kind of report is it?:	Bug Report
What type of bug is this?:	5: Major Usability: Impairs usability in key scenarios
Who will be affected by this bug?:	2: Will only affect a few installed domains
How will those affected feel about the bug?:	4: A User would return the product
User Pain:	0.229
Enterprise Customer affected?:
School Customer affected?:	Yes
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:	2018061121000593
Bug group (optional):
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Sönke Schwardt-Krummrich

2019-05-10 17:02:44 CEST

Should be released for UCS@school 4.3, too.

+++ This bug was initially created as a clone of Bug #48924 +++

Overwiew:
A user that is listed as teacher and staff is added to a second school, but does not get access to the management server (Verwaltungsserver) on the second school.

Steps to Reproduce:
1) Install a master and two educational slave servers. One for each school.
2) Set UCR variable ucsschool/import/generate/policy/dhcp/dns/set_per_ou to false. (I missed to do it before joining the educational slaves. I'm not sure if that has any influence)
3) Install and join the two management server.
4) create a "teacher and staff" user over the UMC.
5) add the user to the second school.
6) try to log in as the user from the domain of the management server of the second school.

Actual Results:
The user is not able to log in at the management server of the second school.

Expected results:
The user is able to log in at the management server of the second school.

Build Date & Hardware:
Tested on KVM machines UCS 4.3-3. At 08.03.19.

Additional Builds and Platforms: 
The servers where UCS 4.3-3 and the clients Windows 10 Professional

Additional Information:
LDAP contains no entry for the user on the management server of the second school, but on all the others.

Comment 1 Sönke Schwardt-Krummrich

2019-05-10 17:13:57 CEST

[4.3] 5401a39eb Bug #49448, #48924: Merge branch 'sschwardt/48924/43/multiou-staff-on-adm-slave' into 4.3
[4.3] 4823fa104 Bug #49448, 48924: give permission for administrative slaves/memberservers to read/replicate multi-OU staff users
[4.3] f0cf4ba2f Bug #49448, #48924: add/update LDAP ACL test script for edu/adm slave

Package: ucs-school-ldap-acls-master
Version: 16.0.4-1A~4.3.0.201905101711
Branch: ucs_4.3-0
Scope: ucs-school-4.3

Comment 2 Ole Schwiegert

2019-05-13 08:40:17 CEST

Changelog: OK
Advisory: MISSING
Package installs: OK
test packages: NOT BUILD

Changes work as intended. Tested by creating multi school environemt (without actual hardware as discussed). Created multi school users and tested LDAP access for the added schools Verwaltungsserver.

Comment 3 Sönke Schwardt-Krummrich

2019-05-13 09:19:49 CEST

Package: ucs-test-ucsschool
Version: 5.0.4-13A~4.3.0.201905130917
Branch: ucs_4.3-0
Scope: ucs-school-4.3

[4.4] 38c2f95db Bug #48924: add advisory

Comment 4 Sönke Schwardt-Krummrich

2019-05-13 09:20:42 CEST

> [4.4] 38c2f95db Bug #48924: add advisory
s/^.*$[4.3] 9aaab66a4 Bug #49448: add advisory/

Comment 5 Ole Schwiegert

2019-05-13 09:39:40 CEST

Advisory: OK
Tests pass: OK

Comment 6 Sönke Schwardt-Krummrich

2019-05-20 14:14:52 CEST

UCS@school 4.3 v8 has been released.

https://docs.software-univention.de/changelog-ucsschool-4.3v8-de.html

If this error occurs again, please clone this bug.