Bug 54411 - [ucsschool-id-connector] Teachers cannot be assigned to new schools after creation
Status: CLOSED FIXED
Alias: None
Product: UCS@school
Classification: Unclassified
Component: ucsschool-id-connector
Version: UCS@school 4.4
Hardware: Other Linux
Importance: P5 normal
Target Milestone: ---
Assignee: Tobias Wenzel
QA Contact: Daniel Tröder
URL:
Keywords:
Depends on: 54690
Blocks:
Reported: 2022-02-02 11:20 CET by Jan-Luca Kiok
Modified: 2022-04-27 16:40 CEST (History)

See Also:
What kind of report is it?: Bug Report
What type of bug is this?: 5: Major Usability: Impairs usability in key scenarios
Who will be affected by this bug?: 2: Will only affect a few installed domains
How will those affected feel about the bug?: 5: Blocking further progress on the daily work
User Pain: 0.286
Enterprise Customer affected?:
School Customer affected?: Yes
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Customer ID: 44146
Max CVSS v3 score:


Description Jan-Luca Kiok univentionstaff 2022-02-02 11:20:07 CET
If a teacher is assigned to another mapped school while already present at the school authority site, a move or nothing at all is done.
I was able to detect the following cases:

If the teacher is created with SchoolA & SchoolB he becomes a member of both schools. ✔️
If the teacher is created with SchoolA and later assigned to SchoolB he stays at SchoolA only. ❌
If the teacher is created with SchoolB and later assigned to SchoolA he is moved to SchoolA only. ❌

All in all there is no way to assign a teacher to another school after its creation, so as a workaround the teacher has to be removed at the school authority and a reschedule has to be done.
Comment 1 Jan-Luca Kiok univentionstaff 2022-02-02 16:47:01 CET
Just for completeness: If the teacher is created with an unmapped school and is assigned to both SchoolA and SchoolB later on he becomes a member of both schools at the school authority as he is newly created in this case. ✔️

So what works:
- Creation with all schools present
- Creating without any mapped school present

What does not work:
- Assigning to a new school with mapped ones present
Comment 2 Daniel Tröder univentionstaff 2022-02-07 08:33:51 CET
Are both schools members of the same school authority?
Comment 3 Jan-Luca Kiok univentionstaff 2022-02-07 08:53:59 CET
You mean like: GET school_to_authority_mapping

{
  "mapping": {
    "SchoolA": "Auth",
    "SchoolB": "Auth"
  }
}

?

Yes, they are. In my test env there is only one school authority present with three schools mapped.
Comment 4 Jan-Luca Kiok univentionstaff 2022-02-10 10:18:58 CET
addendum: The school_authorities mapping for users contains both

   "school": "school",
   "schools": "schools",

if this is relevant.
Comment 6 Daniel Tröder univentionstaff 2022-03-22 14:37:03 CET
Please attach logfiles for the ID Connector side and the Kelvin side.
Both logfiles should contain their respective configuration as well as the part where the user modification failed.
Comment 7 Tobias Wenzel univentionstaff 2022-04-11 15:30:15 CEST
This is fixed with the new kelvin version 1.5.4 (-> testapp center).
I added some tests for this.


[twenzel/54411_multi_school_users] d537e09 Bug #54411: add changelog
[twenzel/54411_multi_school_users] 92dbb97 Bug #54411: add test for multi school users


If the teacher is created with SchoolB and later assigned to SchoolA he is moved to SchoolA only. ❌

-> how is this different to

If the teacher is created with SchoolA and later assigned to SchoolB he stays at SchoolA only. ❌

or rather why should he be moved to SchoolA only?
Comment 8 Jan-Luca Kiok univentionstaff 2022-04-11 15:47:59 CEST
He shouldn't be moved to SchoolA only in any case: In all 4 cases the teacher should be member of both schools, but this only works if he is created with both or assigned to them simultaneously.
In my tests (and for the partner/customer too) the teacher is moved to SchoolA only or the assignment to SchoolB is not evaluated.
Comment 9 Tobias Wenzel univentionstaff 2022-04-12 13:28:30 CEST
As discussed with Jan-Luca: seems like everything looks good.


2.2.3: digest: sha256:749de1bea6f5da7eb95a7a2afeb0e884758f78879672997da9c1e9173779cf2d size: 1990
Comment 10 Daniel Tröder univentionstaff 2022-04-27 15:52:30 CEST
With the fixed Kelvin REST API in version 1.5.4 adding and removing additional OUs works now.

An updated ID Connector App Container with improved tests and a small security fix will be released later. The ID Connector update is _not_ the fix for this bug, but Bug 54690 and Bug 54481, fixing the Kelvin REST API, are.
Comment 11 Daniel Tröder univentionstaff 2022-04-27 16:40:51 CEST
The Kelvin REST API version 1.5.4 has been released.

https://appcenter.software-univention.de/univention-repository/4.4/maintained/component/ucsschool-kelvin-rest-api_20220322152801/README_UPDATE_DE

If this error occurs again, please clone this bug.