Description Oliver Friedrich 2022-06-21 17:56:26 CEST

There's an odd behavior with school_admin groups: When I add a teacher of one school as a school_admin to another school, `get_school_admin_groups()` of the underlying school.lib object contains the admin groups of both schools.

MWE

```
import univention.admin.uldap
from ucsschool.lib.models.user import User

lo = univention.admin.uldap.getAdminConnection()[0]

otl2_dn='uid=oli.testlehrer2,cn=lehrer,cn=users,ou=olistestschule2,dc=schulportal-sh,dc=intranet'
otl2_sobj = User.from_dn(otl2_dn, None, lo)

print(otl2_sobj.get_school_admin_groups())

['cn=admins-olistestschule1,cn=ouadmins,cn=groups,dc=schulportal-sh,dc=intranet',
 'cn=admins-olistestschule2,cn=ouadmins,cn=groups,dc=schulportal-sh,dc=intranet']
```
Note the TWO admin groups here


But in LDAP it looks like this:
```
univention-ldapsearch -LLL uid=oli.testlehrer2 memberof
dn: uid=oli.testlehrer2,cn=lehrer,cn=users,ou=olistestschule2,dc=schulportal-sh,dc=intranet
memberOf: cn=Domain Users olistestschule2,cn=groups,ou=olistestschule2,dc=schulportal-sh,dc=intranet
memberOf: cn=lehrer-olistestschule2,cn=groups,ou=olistestschule2,dc=schulportal-sh,dc=intranet
memberOf: cn=mfa-user-olistestschule2,cn=groups,ou=olistestschule2,dc=schulportal-sh,dc=intranet
memberOf: cn=admins-olistestschule1,cn=ouadmins,cn=groups,dc=schulportal-sh,dc=intranet
memberOf: cn=Domain Users OlisTestschule1,cn=groups,ou=OlisTestschule1,dc=schulportal-sh,dc=intranet
memberOf: cn=mfa-user-olistestschule1,cn=groups,ou=OlisTestschule1,dc=schulportal-sh,dc=intranet

univention-ldapsearch -LLL uid=oli.testlehrer2 | grep ucsschool
objectClass: ucsschoolTeacher
objectClass: ucsschoolType
ucsschoolSchool: OlisTestschule1
ucsschoolSchool: olistestschule2
ucsschoolRole: teacher:school:olistestschule2
ucsschoolRole: school_admin:school:OlisTestschule1
```
So the admin groups differ **when I use mixed teacher/schooladmin users**