Univention Bugzilla – Bug 54814
Administration of "School Administrator" is not completely documented
Last modified: 2022-11-07 09:32:21 CET
https://docs.software-univention.de/ucsschool-handbuch-5.0.html#school:setup:generic:schooladmins does not mention the need to configure the "ucsschoolRole" attribute/property. see also If one follows the steps from the documentation at least the UMC diagnostics will throw a warning "User does not have UCS@school Role school_admin:school:SCHOOL"
mentioned by customer 2484 during onsite workshop. This customer is aware that the warning can be resolved manually by adding the role through udm (not in UMC as the property is not displayed there).
In addition it should be mentioned that OU-spanning teachers which are working as Administrator should be member of the "admins-schoolou" on all schools. This will be checked by the diagnostics: ##################### Start 911_ucsschool_consistency ###################### ## Check failed: 911_ucsschool_consistency - UCS@school Consistency Check ## UCS@school requires its LDAP objects to follow certain rules. Inconsistencies in these objects can trigger erratic behaviour. ~~~ The following issues concern users ~~~ uid=a.mueller,cn=lehrer,cn=users,ou=SchuleA,dc=training,dc=ucs - User does not have UCS@school Role school_admin:school:SchuleB - Not member of group cn=admins-schuleb,cn=ouadmins,cn=groups,dc=training,dc=ucs For help please visit https://help.univention.com/t/how-a-ucs-school-user-should-look-like/15630 ###################### End 911_ucsschool_consistency ####################### Reason: "At least the LDAP ACLs currently are still using the LDAP object class ucsschoolAdministrator to decide if a user is an UCS@school admin. If the user is not member of the admin group of each school, there is an inconsistant state, which might cause other problems."