Bug 51724 - Add Import-Hook for staff members with home-drive and roaming-profil
Add Import-Hook for staff members with home-drive and roaming-profil
Product: UCS@school
Classification: Unclassified
Component: HTTP-API (Kelvin)
UCS@school 4.4
Other Linux
: P5 normal (vote)
: UCS@school 4.4 v6
Assigned To: Daniel Tröder
Ole Schwiegert
Depends on: 51768
  Show dependency treegraph
Reported: 2020-07-24 10:36 CEST by Tobias Wenzel
Modified: 2020-09-10 16:45 CEST (History)
3 users (show)

See Also:
What kind of report is it?: Feature Request
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:


Note You need to log in before you can comment on or make changes to this bug.
Description Tobias Wenzel univentionstaff 2020-07-24 10:36:51 CEST
The methods of UCS@school staff users 


are overwritten to return None.

It should be possible to add this functionality to ImportStaff with an ImportHook, which can be used with the Kelvin API.


This should be possible be calling the super(Staff).* methods.
Comment 1 Ole Schwiegert univentionstaff 2020-07-24 11:00:39 CEST
We should also provide a normal import compatible version of the hook for all non Kelvin users.
Comment 2 Michel Smidt 2020-07-24 11:01:08 CEST
Related to Bug #51457 and Bug #51430.

We decided to create a hook for the time being because the customer environments are heterogeneous with regard to the synchronization of employee users to the school servers of the educational and administrative side. So every customer can decide for himself if he wants to use these possibilities.
Comment 3 Tobias Wenzel univentionstaff 2020-07-24 11:11:13 CEST
Added a Hook 

[twenzel/dl_staff_import_hook] 881fa7ec2 Bug #51724: staff import hook

Test it with

curl -X POST "http://$host/ucsschool/kelvin/v1/users/" -H  "accept: application/json" -H  "Authorization: Bearer $token" -H  "Content-Type: application/json" -d "{\"name\":\""user1"\",\"school\":\"https://$host/ucsschool/kelvin/v1/schools/DEMOSCHOOL\",\"firstname\":\"Demo 1\",\"lastname\":\"Staff\",\"birthday\":\"2020-01-15\",\"disabled\":false,\"email\":\"\",\"record_uid\":\""user$i"\",\"roles\":[\"https://$host/ucsschool/kelvin/v1/roles/staff\"],\"schools\":[\"https://$host/ucsschool/kelvin/v1/schools/DEMOSCHOOL\"]}";

udm users/user list --filter uid=user150 | egrep 'profilepath:|sambahome:|homedrive:|scriptpath:'
  homedrive: None
  profilepath: %LOGONSERVER%\%USERNAME%\windows-profiles\default
  sambahome: \\ucs-2890\user150
  scriptpath: None

-> To also enable homedrive & scriptpath, the corresponding ucrs have to be accessable in the kelvin container. This will be fixed when Bug 51726 is resolved.
Comment 4 Tobias Wenzel univentionstaff 2020-07-24 11:45:55 CEST
I added a hook for non kelvin users in

[twenzel/dl_staff_import_hook] 5f6ddeff8 Bug #51724: rename script & add import hook

as suggested in comment 1

and renamed the scripts.
Comment 5 Tobias Wenzel univentionstaff 2020-07-30 14:59:55 CEST
For the kelvin hook, the values are read from an ini file which is expected next to the hook
e.g. /var/lib/ucs-school-import/kelvin-hooks/share_paths.ini


- Do we need to install this or can we rely on the user to place it there? The script will fail if the file is not present or other keys are used.
- the user-name is added to SAMBA_HOME_FOLDER 

[twenzel/dl_staff_import_hook] 580b3e8d5 Bug #51724: Read share path information from ini file
Comment 6 Ole Schwiegert univentionstaff 2020-07-31 08:27:28 CEST
REOPEN for merge&build
Comment 7 Tobias Wenzel univentionstaff 2020-07-31 08:59:15 CEST
As discussed I reverted the changes in 
[twenzel/dl_staff_import_hook] 580b3e8d5 Bug #51724: Read share path information from ini file

merged & built ucs-school-import

Package: ucs-school-import
Version: 17.0.40A~
Branch: ucs_4.4-0
Scope: ucs-school-4.4

[4.4] 4deb3c46b Bug #51724: Yaml version
[4.4] 6c1a61f97 Bug #51724: Changelog & Yaml
[4.4] 2956226bc Bug #51724 Merge branch 'twenzel/dl_staff_import_hook' into 4.4
[4.4] 267f00eef Bug #51724: rename script & add import hook for common school users
[4.4] 133019585 Bug #51724: staff import hook
Comment 8 Ole Schwiegert univentionstaff 2020-08-04 12:59:05 CEST
The kelvin hook needs a docstring explaining the caveats for the hook introduced with Bug #51768 and the UCRv
Comment 9 Daniel Tröder univentionstaff 2020-08-11 13:04:22 CEST
If possible hook should run at the *pre* stage.
When they run at the *post* stage, they will trigger an additional LDAP modify operation (which slows down the import).

The hook must also run when modifying users, as the values may change when changing the school and thus the school server (see User.do_school_change). In reality this will not happen, as the code is executed only on the DC master.

A note about the UCRVs and Kelvin was added.

[4.4] 474385026 Bug #51724: run hook at pre-create and pre-modify steps
[4.4] d752721a5 Bug #51724: add note about UCRVs in Kelvin to hook
[4.4] 12d602fee Bug #51724: advisory update

ucs-school-import (17.0.42)
Comment 10 Ole Schwiegert univentionstaff 2020-08-12 07:18:29 CEST
Changelog&Advisory: OK
Hooks work: OK
Comment for Kelvin UCR: OK
Package installs: OK
Comment 11 Daniel Tröder univentionstaff 2020-09-10 16:45:11 CEST
An errata update to UCS@school 4.4 v6 has been released.


If this error occurs again, please clone this bug.