Univention Bugzilla – Bug 50116
Add a script that fixes wrong objectClass and ucsschoolRole
Last modified: 2019-09-11 14:24:38 CEST
For some unknown reasons, some/all domaincontroller slave objects in UCS@school domains also contain the object classes "univentionWindows" and "ucsschoolComputer". As a result, the ucsschoolRole attribute has also been set incorrectly. This should be fixed during the update of the DC master.
ucsschoolRole: dc_slave_edu:school:gymmitte ucsschoolRole: win_computer:school:gymmitte objectClass: krb5KDCEntry objectClass: sambaSamAccount objectClass: univentionNagiosHostClass objectClass: ucsschoolComputer objectClass: top objectClass: univentionHost objectClass: univentionDomainController objectClass: univentionObject objectClass: univentionWindows objectClass: person objectClass: shadowAccount objectClass: univentionPortalComputer objectClass: krb5Principal objectClass: univentionPolicyReference objectClass: posixAccount objectClass: ucsschoolServer
Added a fix script "/usr/share/ucs-school-import/scripts/fix_ucsschool_slaves". It checks all domain controller slave objects in LDAP, whether 1) the object classes "univentionWindows" and "ucsschoolComputer" are set, and 2) the ucsschoolRole "win_computer:school:....." is set. Both will be corrected automatically by the script. With --dry-run you can execute a dry-run. By default not all information will be displayed on the console. With --verbose you can also display the debug output there. The debug output is always attached to the log file /var/log/univention/ucsschool-fix-slave-objects.log, so that you can read everything there again. The joinscript 35ucs-school-import.inst has been extended so that the fix script is executed on initial installations of UCS@school or updates from joinscript version 22 or lower. The new joinscript version is 23. A ucs-test script has also been added (270_fix_ucsschool_slaves) which performs a functional test. [4.4] f2ad3bec9 Bug #50116: update advisory [4.4] f9f5aafbf Bug #50116: add advisory [4.4] ca601af3b Bug #50116: Merge branch 'sschwardt/4.4/50116' into 4.4 [4.4] 6eff8d908 Bug #50116: add test for fix_ucsschool_slaves [4.4] 7f5db934f Bug #50116: call fix_ucsschool_slaves by join script [4.4] 4b4a9968e Bug #50116: add script fix_ucsschool_slaves Package: ucs-school-import Version: 17.0.12A~4.4.0.201909061131 Branch: ucs_4.4-0 Scope: ucs-school-4.4 Package: ucs-test-ucsschool Version: 6.0.47A~4.4.0.201909061158 Branch: ucs_4.4-0 Scope: ucs-school-4.4
Package: ucs-test-ucsschool Version: 6.0.48A~4.4.0.201909091020 Branch: ucs_4.4-0 Scope: ucs-school-4.4 [4.4] 99a24172e Bug #50117: fix fix_ucsschool_slaves
Changelog&Advisory: OK Packages install: OK Test passes: OK Script works: OK Joinscript adaption works: OK UCRV works: OK
Package: ucs-school-import Version: 17.0.13A~4.4.0.201909100937 Branch: ucs_4.4-0 Scope: ucs-school-4.4 [4.4] 10760fb18 Bug #50116: fix traceback in fix_ucschool_slaves if a slave is no school slave
[4.4 da65d23da] Bug #50116: advisory OK: code change OK: manual test: $ udm computers/domaincontroller_slave create --set name=dc01 → Object created: cn=dc01,dc=uni,dc=dtr $ python ... attrs = lo.get("cn=dc01,dc=uni,dc=dtr") lo.modify("cn=dc01,dc=uni,dc=dtr", [("objectClass", attrs["objectClass"], attrs["objectClass"] + ["univentionWindows"])]) $ fix_ucsschool_slaves --verbose ------------------------------------------------------------------ 2019-09-10 10:22:33 INFO fix_ucsschool_slaves.main:84 Looking for affected domaincontroller_slave objects... [..] 2019-09-10 10:22:33 DEBUG fix_ucsschool_slaves.fix_slave:46 Checking 'cn=dc01,dc=uni,dc=dtr' 2019-09-10 10:22:33 DEBUG fix_ucsschool_slaves.fix_slave:47 Attributes: {'objectClass': ['krb5KDCEntry', 'top', 'univentionHost', 'univentionDomainControll er', 'univentionObject', 'sambaSamAccount', 'person', 'shadowAccount', 'krb5Principal', 'posixAccount', 'univentionWindows']} 2019-09-10 10:22:33 INFO fix_ucsschool_slaves.fix_slave:59 Will modify: cn=dc01,dc=uni,dc=dtr 2019-09-10 10:22:33 INFO fix_ucsschool_slaves.fix_slave:60 Roles: {'new': [], 'old': []} 2019-09-10 10:22:33 INFO fix_ucsschool_slaves.fix_slave:61 ObjectClass: {'new': ['krb5KDCEntry', 'top', 'univentionHost', 'univentionDomainController' [..] ------------------------------------------------------------------ The lo.modify() with ('ucsschoolRole', [], []) seems to get optimized away by uldap. Otherwise there would be a problem here, as the object does not have the 'ucsschoolServer' objectClass and the 'ucsschoolRole' attribute cannot be set.
UCS@school 4.4 v3 has been released. https://docs.software-univention.de/changelog-ucsschool-4.4v3-de.html If this error occurs again, please clone this bug.