Univention Bugzilla – Bug 52986
regression to demo_admin missing school_admin role
Last modified: 2021-03-30 12:29:05 CEST
If demo_admin is not available (because of removed or not installed demo-school), the join script failes with error_code 3 (object not found). This is, because the fix only checks if the attribute exists but not the user itself. The only known workarround would be to uncomment the fix. Otherwise the application is marked as not configured: Warning: 'ucs-school-singlemaster' is not configured. Error: Not all install files configured: 1 missing +++ This bug was initially created as a clone of Bug #52970 +++ The create_demoportal.py script in ucs-school-metapackage does not append the school_admin schoolRole to the user, when it makes the teacher an admin.
The change in commit [4.4] def08663b Bug #52970: handle no OU 'DEMOSCHOOL' and no user 'demo_admin' was only applied to 62ucs-school-master.inst and not to 62ucs-school-singlemaster.inst. [4.4] cc1a2cbdc Bug #52986: handle no OU DEMOSCHOOL and no user demo_admin for singlemaster [4.4] 4df6dfc68 Bug #52986: advisory
Are you sure? I do not have the complete details, but /usr/lib/univention-install/62ucs-school-singlemaster.inst: # Bug #52970: add 'school_admin' role to user 'demo_admin' (missing prior to 4.4 v9) if [ $JS_LAST_EXECUTED_VERSION -lt 11 ] ; then if ! univention-ldapsearch -LLL uid=demo_admin ucsschoolRole | grep -q 'school_admin:school:DEMOSCHOOL'; then udm users/user modify "$@" \ --dn "uid=demo_admin,cn=lehrer,cn=users,ou=DEMOSCHOOL,$ldap_base" \ --append "ucsschoolRole=school_admin:school:DEMOSCHOOL" || die ### die <--- and this happens fi fi join.log (please see complete log with customer details in attached ticket initial message): RUNNING 62ucs-school-singlemaster.inst ... E: object not found EXITCODE=3 There is no check if demoschool is installed; if not, from my understanding, die must proceed as object not found is the result of the udm command.
QA I think the commit message is at least a bit misleading. First it is checked whether there is any demo_admin or not. If not, the joinscript continues. If it does exist and does not have the school role of DEMOSCHOOL, the role is appended. If DEMOSCHOOL is not installed there is neither a demo_user nor the school role, so the joinscript continues. I tested this by - removing DEMOSCHOOL - running the joinscript with the old code which lead to Running 62ucs-school-singlemaster.inst failed (exitcode: 3) - with the new code → joinscript passes as expected. changelog → OK advisory → OK @daniel, maybe you could confirm/ deny/ explain this
Hmm, this is the opposite result to our test. We removed the demo school and then ran the update to v9. Here the joinscript with exit code 3 hit the wall. We've[1] used a single-master-setup. [1]daniel duchon, michael grandjean
(In reply to Dirk Schnick from comment #2) > Are you sure? I do not have the complete details, but AFAICS Daniel Tröder referred to Commit def08663b -> https://github.com/univention/ucs-school/commit/def08663b90f57967730863520a1612a9da9ca5a#diff-0c2c042b0f41264509774fccba69ac629d9f12a22da28e44d96e660a5ec61ea5 This fixed the issue for multi-server on monday and thus before the release of 4.4 v9. However, the fix was not applied to the single-server joinscript. This was done with Commit cc1a2cbdc yesterday: -> https://github.com/univention/ucs-school/commit/cc1a2cbdc1d43e1ea50ee69764065802854bc0e5#diff-e7d4d8a37b7a9768f94ee0081bd19e5e01a59c6f2bd26c875c829841bb891396 Tobias tested yesterday's fix and the result seems fine to me (didn't test myself, but comment #3 sounds reasonable and what I would expect).
wonderful verified
Published as erratum to 4.4 v9.