Bug 51724 – Add Import-Hook for staff members with home-drive and roaming-profil

Bug 51724 - Add Import-Hook for staff members with home-drive and roaming-profil


Summary:	Add Import-Hook for staff members with home-drive and roaming-profil

Status:	CLOSED FIXED

Product:	UCS@school
Classification:	Unclassified
Component:	HTTP-API (Kelvin)
Version:	UCS@school 4.4
Hardware:	Other Linux

Importance:	P5 normal (vote)
Target Milestone:	UCS@school 4.4 v6
Assigned To:	Daniel Tröder
QA Contact:	Ole Schwiegert

URL:
Keywords:

Depends on:	51768
Blocks:
	Show dependency tree / graph

Reported:	2020-07-24 10:36 CEST by Tobias Wenzel
Modified:	2020-09-10 16:45 CEST (History)
CC List:	3 users (show)

See Also:
What kind of report is it?:	Feature Request
What type of bug is this?:	---
Who will be affected by this bug?:	---
How will those affected feel about the bug?:	---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Tobias Wenzel

2020-07-24 10:36:51 CEST

The methods of UCS@school staff users 

get_samba_home_path
get_profile_path
get_samba_home_drive
get_samba_netlogon_script_path

are overwritten to return None.

It should be possible to add this functionality to ImportStaff with an ImportHook, which can be used with the Kelvin API.


Note:

This should be possible be calling the super(Staff).* methods.

Comment 1 Ole Schwiegert

2020-07-24 11:00:39 CEST

We should also provide a normal import compatible version of the hook for all non Kelvin users.

Comment 2 Michel Smidt 2020-07-24 11:01:08 CEST

Related to Bug #51457 and Bug #51430.

We decided to create a hook for the time being because the customer environments are heterogeneous with regard to the synchronization of employee users to the school servers of the educational and administrative side. So every customer can decide for himself if he wants to use these possibilities.

Comment 3 Tobias Wenzel

2020-07-24 11:11:13 CEST

Added a Hook 

[twenzel/dl_staff_import_hook] 881fa7ec2 Bug #51724: staff import hook

Test it with

curl -X POST "http://$host/ucsschool/kelvin/v1/users/" -H  "accept: application/json" -H  "Authorization: Bearer $token" -H  "Content-Type: application/json" -d "{\"name\":\""user1"\",\"school\":\"https://$host/ucsschool/kelvin/v1/schools/DEMOSCHOOL\",\"firstname\":\"Demo 1\",\"lastname\":\"Staff\",\"birthday\":\"2020-01-15\",\"disabled\":false,\"email\":\"\",\"record_uid\":\""user$i"\",\"roles\":[\"https://$host/ucsschool/kelvin/v1/roles/staff\"],\"schools\":[\"https://$host/ucsschool/kelvin/v1/schools/DEMOSCHOOL\"]}";

udm users/user list --filter uid=user150 | egrep 'profilepath:|sambahome:|homedrive:|scriptpath:'
  homedrive: None
  profilepath: %LOGONSERVER%\%USERNAME%\windows-profiles\default
  sambahome: \\ucs-2890\user150
  scriptpath: None


-> To also enable homedrive & scriptpath, the corresponding ucrs have to be accessable in the kelvin container. This will be fixed when Bug 51726 is resolved.

Comment 4 Tobias Wenzel

2020-07-24 11:45:55 CEST

I added a hook for non kelvin users in

[twenzel/dl_staff_import_hook] 5f6ddeff8 Bug #51724: rename script & add import hook

as suggested in comment 1

and renamed the scripts.

Comment 5 Tobias Wenzel

2020-07-30 14:59:55 CEST

For the kelvin hook, the values are read from an ini file which is expected next to the hook
e.g. /var/lib/ucs-school-import/kelvin-hooks/share_paths.ini

SAMBA_HOME_FOLDER=\\ucs-3303
PROFILE_PATH=%LOGONSERVER%\%USERNAME%\windows-profiles\default
HOME_DRIVE=I:
SCRIPT_PATH=ucs-school-logon.vbs

Remarks:
- Do we need to install this or can we rely on the user to place it there? The script will fail if the file is not present or other keys are used.
- the user-name is added to SAMBA_HOME_FOLDER 


[twenzel/dl_staff_import_hook] 580b3e8d5 Bug #51724: Read share path information from ini file

Comment 6 Ole Schwiegert

2020-07-31 08:27:28 CEST

REOPEN for merge&build

Comment 7 Tobias Wenzel

2020-07-31 08:59:15 CEST

As discussed I reverted the changes in 
[twenzel/dl_staff_import_hook] 580b3e8d5 Bug #51724: Read share path information from ini file

merged & built ucs-school-import

Package: ucs-school-import
Version: 17.0.40A~4.4.0.202007310854
Branch: ucs_4.4-0
Scope: ucs-school-4.4


[4.4] 4deb3c46b Bug #51724: Yaml version
[4.4] 6c1a61f97 Bug #51724: Changelog & Yaml
[4.4] 2956226bc Bug #51724 Merge branch 'twenzel/dl_staff_import_hook' into 4.4
[4.4] 267f00eef Bug #51724: rename script & add import hook for common school users
[4.4] 133019585 Bug #51724: staff import hook

Comment 8 Ole Schwiegert

2020-08-04 12:59:05 CEST

The kelvin hook needs a docstring explaining the caveats for the hook introduced with Bug #51768 and the UCRv

Comment 9 Daniel Tröder

2020-08-11 13:04:22 CEST

If possible hook should run at the *pre* stage.
When they run at the *post* stage, they will trigger an additional LDAP modify operation (which slows down the import).

The hook must also run when modifying users, as the values may change when changing the school and thus the school server (see User.do_school_change). In reality this will not happen, as the code is executed only on the DC master.

A note about the UCRVs and Kelvin was added.

[4.4] 474385026 Bug #51724: run hook at pre-create and pre-modify steps
[4.4] d752721a5 Bug #51724: add note about UCRVs in Kelvin to hook
[4.4] 12d602fee Bug #51724: advisory update

ucs-school-import (17.0.42)

Comment 10 Ole Schwiegert

2020-08-12 07:18:29 CEST

Changelog&Advisory: OK
Hooks work: OK
Comment for Kelvin UCR: OK
Package installs: OK

Comment 11 Daniel Tröder

2020-09-10 16:45:11 CEST

An errata update to UCS@school 4.4 v6 has been released.

https://docs.software-univention.de/changelog-ucsschool-4.4v6-de.html

If this error occurs again, please clone this bug.