Univention Bugzilla – Bug 54888
get_school_admin_groups() doesn't work for "mixed" school admins
Last modified: 2023-04-19 10:17:33 CEST
There's an odd behavior with school_admin groups: When I add a teacher of one school as a school_admin to another school, `get_school_admin_groups()` of the underlying school.lib object contains the admin groups of both schools. MWE ``` import univention.admin.uldap from ucsschool.lib.models.user import User lo = univention.admin.uldap.getAdminConnection()[0] otl2_dn='uid=oli.testlehrer2,cn=lehrer,cn=users,ou=olistestschule2,dc=schulportal-sh,dc=intranet' otl2_sobj = User.from_dn(otl2_dn, None, lo) print(otl2_sobj.get_school_admin_groups()) ['cn=admins-olistestschule1,cn=ouadmins,cn=groups,dc=schulportal-sh,dc=intranet', 'cn=admins-olistestschule2,cn=ouadmins,cn=groups,dc=schulportal-sh,dc=intranet'] ``` Note the TWO admin groups here But in LDAP it looks like this: ``` univention-ldapsearch -LLL uid=oli.testlehrer2 memberof dn: uid=oli.testlehrer2,cn=lehrer,cn=users,ou=olistestschule2,dc=schulportal-sh,dc=intranet memberOf: cn=Domain Users olistestschule2,cn=groups,ou=olistestschule2,dc=schulportal-sh,dc=intranet memberOf: cn=lehrer-olistestschule2,cn=groups,ou=olistestschule2,dc=schulportal-sh,dc=intranet memberOf: cn=mfa-user-olistestschule2,cn=groups,ou=olistestschule2,dc=schulportal-sh,dc=intranet memberOf: cn=admins-olistestschule1,cn=ouadmins,cn=groups,dc=schulportal-sh,dc=intranet memberOf: cn=Domain Users OlisTestschule1,cn=groups,ou=OlisTestschule1,dc=schulportal-sh,dc=intranet memberOf: cn=mfa-user-olistestschule1,cn=groups,ou=OlisTestschule1,dc=schulportal-sh,dc=intranet univention-ldapsearch -LLL uid=oli.testlehrer2 | grep ucsschool objectClass: ucsschoolTeacher objectClass: ucsschoolType ucsschoolSchool: OlisTestschule1 ucsschoolSchool: olistestschule2 ucsschoolRole: teacher:school:olistestschule2 ucsschoolRole: school_admin:school:OlisTestschule1 ``` So the admin groups differ **when I use mixed teacher/schooladmin users**