Bug 55179 - ucs-school-purge-expired-users can't handle school_admins
Summary: ucs-school-purge-expired-users can't handle school_admins
Status: CLOSED FIXED
Alias: None
Product: UCS@school
Classification: Unclassified
Component: Import scripts
Version: UCS@school 5.0
Hardware: Other Linux
: P5 normal
Target Milestone: UCS@school 5.0 v5-errata
Assignee: Ole Schwiegert
QA Contact: Dirk Wiesenthal
URL: https://univention.plan.io/issues/34653
Keywords:
Depends on:
Blocks:
 
Reported: 2022-09-07 11:35 CEST by Oliver Friedrich
Modified: 2024-07-02 17:10 CEST (History)
3 users (show)

See Also:
What kind of report is it?: Bug Report
What type of bug is this?: 4: Minor Usability: Impairs usability in secondary scenarios
Who will be affected by this bug?: 2: Will only affect a few installed domains
How will those affected feel about the bug?: 3: A User would likely not purchase the product
User Pain: 0.137
Enterprise Customer affected?:
School Customer affected?: Yes
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Customer ID: 02149
Max CVSS v3 score:

Attachments
MWE for a working script without using the ImportUser factory (5.54 KB, text/x-python)
2022-09-07 16:33 CEST, Oliver Friedrich 		Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Oliver Friedrich univentionstaff 2022-09-07 11:35:38 CEST 
## Scenario:

* ucsschool=5.0 v3
* UCS: 5.0-2 errata393
* SiSoPi
* Import-Hook ext_config_dep_on_role enabled
* ucsschool/wizards/schoolwizards/users/roles/disabled: staff,teachersAndStaff → school_admins are enabled

## Logs:

2022-09-07 11:16:56 DEBUG import_user.ImportUser:136  Used no-overwrite-attributes: ['mailPrimaryAddress', 'uid']
2022-09-07 11:16:57 INFO  ucs-school-purge-expired-users.main:161  Found 17 expired accounts.
...
2022-09-07 11:16:57 DEBUG ucs-school-purge-expired-users.main:171  dn='uid=dienstag,cn=schueler,cn=users,ou=DeaktivierteKonten,dc=qs,dc=schule-sh,dc=de' ucsschoolPurgeTimestamp='2022-05-03' shadowExpire='1970-01-02'
2022-09-07 11:16:57 INFO  ucs-school-purge-expired-users.main:176  (dry-run) Deleting 'uid=admin2,cn=admins,cn=users,ou=DeaktivierteKonten,dc=qs,dc=schule-sh,dc=de'...
Traceback (most recent call last):
  File "/usr/share/ucs-school-import/scripts/ucs-school-purge-expired-users", line 195, in <module>
    sys.exit(main())
  File "/usr/share/ucs-school-import/scripts/ucs-school-purge-expired-users", line 185, in main
    roles = roles_from_ocs([x.decode("UTF-8") for x in attr["objectClass"]], a_user, school)
  File "/usr/share/ucs-school-import/scripts/ucs-school-purge-expired-users", line 103, in roles_from_ocs
    return kls.roles
AttributeError: 'NoneType' object has no attribute 'roles'

→ the 1st user is a school admin, but passes the UCS@School consistency check.

## Code

### ucs-school-import/usr/share/ucs-school-import/scripts/ucs-school-purge-expired-users:L95-103
The function roles_from_ocs() calls get_class_for_udm_obj() on an ImportUser object, but gets None back.

### ucs-school-import/modules/ucsschool/importer/models/import_user.py:L1576-1591

The function get_class_for_udm_obj() misses the user role "school_admin" and therefore returns 'None'!
Comment 1 Oliver Friedrich univentionstaff 2022-09-07 16:33:18 CEST 
Created attachment 10986 [details]
MWE for a working script without using the ImportUser factory
Comment 2 Oliver Friedrich univentionstaff 2022-09-07 16:34:23 CEST 
I found a (hacky?) way of doing this with the ucsschool-lib User object instead, which works with School Admins, too.
Comment 4 Jan-Luca Kiok univentionstaff 2024-05-24 14:41:30 CEST 
After discussing this and thinking it through we should ignore sole school admin accounts when purging users, because these accounts cannot be created via an import and the purge routine is part of the importer-based lifecycle.
Comment 5 Ole Schwiegert univentionstaff 2024-07-01 10:53:17 CEST 
Package: ucs-test-ucsschool
Version: 7.3.185
Branch: 5.0-0
Scope: ucs-school-5.0

Package: ucs-school-import
Version: 18.0.46
Branch: 5.0-0
Scope: ucs-school-5.0
Comment 7 Johannes Königer univentionstaff 2024-07-02 17:10:36 CEST 
Package update with resolution published on 02.07.2024 for UCS@school 5.0v5.
See https://docs.software-univention.de/ucsschool-changelog/5.0v5/en/index.html