Univention Bugzilla – Bug 54415
Correct school admin is detected as wrong
Last modified: 2022-10-14 13:58:05 CEST
I created a SchoolAdmin via UMC and added him to another school. For that I added the relevant roles, groups and school fields: DN: uid=test_admin,cn=admins,cn=users,ou=DEMOSCHOOL,dc=realm4,dc=intranet accountActivationDate: None birthday: None city: None country: None departmentNumber: DEMOSCHOOL description: None disabled: 0 displayName: school admin employeeNumber: None employeeType: None firstname: school gecos: school admin gidNumber: 5086 groups: cn=admins-demoschool,cn=ouadmins,cn=groups,dc=realm4,dc=intranet groups: cn=Domain Users DEMOSCHOOL,cn=groups,ou=DEMOSCHOOL,dc=realm4,dc=intranet groups: cn=admins-school1,cn=ouadmins,cn=groups,dc=realm4,dc=intranet groups: cn=Domain Users School1,cn=groups,ou=School1,dc=realm4,dc=intranet homeShare: None homeSharePath: None homedrive: I: initials: None jpegPhoto: None lastbind: None lastname: admin locked: 0 lockedTime: 0 mailForwardCopyToSelf: 0 mailHomeServer: None mailPrimaryAddress: None organisation: None overridePWHistory: None overridePWLength: None password: {crypt}$6$.J.DP1FZvAiSxAJG$mDfy7WRiVWpC5pn/gRcY3wkWv6vd85zHZF/KK2MVSLED0B3Ob8K7BuFFG4T0pa3Jc67.XhY17FLYKWuFxMFDD1 passwordexpiry: None physicalDeliveryOfficeName: None postcode: None preferredDeliveryMethod: None preferredLanguage: None primaryGroup: cn=Domain Users DEMOSCHOOL,cn=groups,ou=DEMOSCHOOL,dc=realm4,dc=intranet profilepath: %LOGONSERVER%\%USERNAME%\windows-profiles\default pwdChangeNextLogin: None sambaLogonHours: None sambaRID: 5032 sambahome: \\dc0\test_admin school: DEMOSCHOOL school: School1 scriptpath: ucs-school-logon.vbs shell: /bin/bash street: None title: None ucsschoolPurgeTimestamp: None ucsschoolRecordUID: None ucsschoolRole: school_admin:school:DEMOSCHOOL ucsschoolRole: school_admin:school:School1 ucsschoolSourceUID: None uidNumber: 2016 unixhome: /home/test_admin unlock: None unlockTime: None userexpiry: None username: test_admin The system diagnositc reports him as an object with errors: UCS@school Check admin accounts UCS@school Administrators are configured with an objectclass 'ucsschoolAdministrator'. An administrator of a school should be a member of the respective admins-school group. The following problems were found: uid=test_admin,cn=admins,cn=users,ou=DEMOSCHOOL,dc=realm4,dc=intranet - should not be member of the following groups (missing school_admin role): ['cn=admins-school1,cn=ouadmins,cn=groups,dc=realm4,dc=intranet', 'cn=admins-demoschool,cn=ouadmins,cn=groups,dc=realm4,dc=intranet'] If I am not mistaken this should not be the case. We should fix that.
This also occur in UCS 4.4-8 The customer wanted to make their school admins to be school admins in more than one school. The diagnose seems to explode with messages. This has a lot of potential to create some support tickets.
Maybe a case sensitive comparison of DNs (cn=admins-demoschool vs cn=admins-DEMOSCHOOL)?
qa: all ok -> reopen as discussed please merge and build
Merged and built the packages: Package: ucs-school-umc-diagnostic Version: 2.0.10A~5.0.0.202205061538 Branch: ucs_5.0-0 Scope: ucs-school-5.0 Package: ucs-test-ucsschool Version: 7.3.39A~5.0.0.202205061545 Branch: ucs_5.0-0 Scope: ucs-school-5.0
update tags for the diagnostic tests: Package: ucs-test-ucsschool Version: 7.3.41A~5.0.0.202205100854 Branch: ucs_5.0-0 Scope: ucs-school-5.0
tests pass in jenkins -> verify
Can I have a patch for UCS 4.4. I do not know how to get the fix from the package. The customer needs this for UCS 4.
UCS@school 5.0 v2 has been released. https://docs.software-univention.de/changelog-ucsschool-5.0v2-de.html If this error occurs again, please clone this bug.