Univention Bugzilla – Bug 51245
disable selfservice-invitation feature by default in UCS@school
Last modified: 2020-08-05 17:07:40 CEST
When a user is created with a set PasswordRecoveryEmail and pwdChangeNextLogin=1 the listener module selfservice-invitation.py in cooperation with a daemon will send an invitation email to the user. This feature was developed in Bug #48446. In UCS@school this automatism is most likely not desired. So it should be disabled by default. But it should be possible to reenable it. Listener and (mail sending) daemon can be disabled by umc/self-service/invitation/enabled=false * Create a UCR policy for all central domain controllers (the self service component can be installed on DC master and DC backup systems) to disable the feature by default. * Write a help article on how to reenable it (how to change the UCR policy). The article should not be published before the code change has been published.
What should happen if there is another UCR policy already linked to the DCs?
Solution pushed to branch troehmey/bug51245 with commit commit 1acba97e878294440a6685ca3ad90e5606e2655a Bug #51245: Added UCR policy The policy is created in the join-script "ucs-school-selfservice-support/67ucs-school-selfservice-support.inst" Executing this script leads to a result like this for each school listed on the ldap: DN: cn=Invitation,cn=policies,ou=DEMOSCHOOL,dc=intranet,dc=roehmeyer,dc=de ldapFilter: None name: Invitation registry: umc/self-service/invitation/enabled false The corresponding how-to article: https://help.univention.com/t/how-to-re-enable-self-service-invitation-feature/15195
Help-Article All relevant information to reable are there, but What is the motivation? -> Shortly explain what you changed and when your code is executed. -> ...if you don't want that, you can reenable the invitation-policy (-> udm policies/registry modify ...) When the code is published, also include a version. I liked that you linked our documentation, this provides a good entry point for further investigations. ----------------------- Code: Make sure, you don't nest "", your ide might help you there, e.g.: --dn "cn=dc${OU}-1,cn=dc,cn=computers,ou=$OU,"$ldap_base"" \ The policy-reference is set to something else: udm computers/domaincontroller_slave "$@" \ --dn "cn=dc${OU}-1,cn=dc,cn=computers,ou=$OU,"$ldap_base"" \ --policy-reference "cn=dhcpd_ldap_base,cn=policies,ou=$ou,"$ldap_base"" Maybe you meant: --policy-reference "cn=Invitation,cn=policies,ou=$ou,$ldap_base" I figure, you got this from here: https://docs.software-univention.de/ucsschool-handbuch-4.4.html#import I would suggest using lowercase names, e.g. send_self_service_invitation instead of Invitation. You only considered dc slave, but you if statement includes cd masters, too. Was there a discussion about this? What should happen if there is another UCR policy already linked to the DCs?
Fixed code with commit commit 368448abf1a6bec180c4444415bfd57a8365993f Bug #51245: fixed policy reference on branch troehmey/bug51245. Resulting policy reference for DC: univentionPolicyReference: cn=send_self_service_invitation,cn=policies,ou=DEMOSCHOOL,dc=intranet,dc=roehmeyer,dc=de Improved help article on help.univention.com
QA -> REOPEN Remarks: - If you create the policy at `cn=policies,$ldap_base`, you don't need to put the code into the school for-loop - Don't forget the quotation mark in `name="send_self_service_invitation"` - Add a parameter --ignore-exists in the create command (and please check if the values are left as is or modified) - If the udm commands fail we want the script to `|| die` If a user decided to create a policy at this position with the same name, we don't modify it but leave it as is. Policies with different names, which set the same values are ignored. Add this information to the help-article.
Applied fixes with commits commit 91eec97e4d94178a0a42234cdc4551e6605b2ece Bug #51245: moved udm commands out of the loop commit ad12dfee3652eff8e6548d19f86d20a536671399 Bug #51245: added quotation marks The ucr value does not get modified with --ignore_exist parameter.
Thanks for the code changes! QA -> all ok -> REOPEN for merge&build
QA -> forgot to REOPEN
Merged to 4.4 with the following commits: commit 075d0b0b3020572d521d0ec398d1ddad507428f3 Bug #51245: added yaml for ucs-school-selfservice_support commit bf9f2c4bb24d068fa517f321c022bcc46cf562d3 Bug #51245: added changelog entry commit 1769ff9e24d6342d1475f61a7417de4dc1895e1f Bug #51245: Merge branch 'troehmey/bug51245' into 4.4 Successful build: Package: ucs-school-selfservice-support Version: 3.0.0-1A~4.4.0.202006151942 Branch: ucs_4.4-0 Scope: ucs-school-4.4 Help article has been modified to include the information from comment #5
QA -> all ok -> VERIFY No merge conflicts -> ok Changelog -> ok yaml -> ok [4.4] a144dfd36 Bug #51245: added url to help article in yaml [4.4] 075d0b0b3 Bug #51245: added yaml for ucs-school-selfservice_support [4.4] bf9f2c4bb Bug #51245: added changelog entry [4.4] 1769ff9e2 Bug #51245: Merge branch 'troehmey/bug51245' into 4.4
REOPEN: * This bug has no target milestone set. * This bug makes changes in UCS but is set to the product UCS@school. * The shell quoting for eval "$(ucr shell)" is missing.
(In reply to Florian Best from comment #11) > * This bug makes changes in UCS but is set to the product UCS@school. Oups, that's wrong, sorry. I looked only in the branch name.
Thanks for the open eyes! I added the quotation marks and the milestone. Package: ucs-school-selfservice-support Version: 3.0.0-2A~4.4.0.202006191616 Branch: ucs_4.4-0 Scope: ucs-school-4.4
*** Bug 50230 has been marked as a duplicate of this bug. ***
OK: quotation marks and MS I have edited the help page: - udm policies/registry modify --dn "<domain_name>" ... + DN="cn=send_self_service_invitation,cn=policies,$(ucr get ldap/base)" + udm policies/registry modify --dn "$DN" ... I have updated the package version in the advisory: [4.4 20b829ec8] Bug #51245: update advisory
UCS@school 4.4 v6 has been released. https://docs.software-univention.de/changelog-ucsschool-4.4v6-de.html If this error occurs again, please clone this bug.