First Last Prev Next    This bug is not in your last search results.
Bug 56577 - UCS@school Check admin account throws a traceback if a school admin has no school
UCS@school Check admin account throws a traceback if a school admin has no sc...
Status: NEW
Product: UCS@school
Classification: Unclassified
Component: UMC - System diagnostic
UCS@school 5.0
Other Linux
: P5 normal (vote)
: ---
Assigned To: UCS@school maintainers
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2023-09-13 07:18 CEST by Stefan Gohmann
Modified: 2023-09-15 07:19 CEST (History)
2 users (show)

See Also:
What kind of report is it?: Bug Report
What type of bug is this?: 4: Minor Usability: Impairs usability in secondary scenarios
Who will be affected by this bug?: 1: Will affect a very few installed domains
How will those affected feel about the bug?: 2: A Pain – users won’t like this once they notice it
User Pain: 0.046
Enterprise Customer affected?:
School Customer affected?: Yes
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number: 2023091121000283
Bug group (optional):
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Stefan Gohmann univentionstaff 2023-09-13 07:18:38 CEST 
root@master:~# univention-run-diagnostic-checks -t 908_ucsschool_school_admin_accounts
Executing following checks: ['908_ucsschool_school_admin_accounts']

You can find the logging messages of the diagnostic modules at /var/log/univention/management-console-module-diagnostic.log

####################### Start 908_ucsschool_school_admin_accounts #######################
## Check failed: 908_ucsschool_school_admin_accounts - UCS@school Check admin accounts ##
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/univention/management/console/modules/diagnostic/__init__.py", line 277, in execute
    ret = execute(umc_module, **kwargs)
  File "/usr/lib/python3/dist-packages/univention/management/console/modules/diagnostic/plugins/908_ucsschool_school_admin_accounts.py", line 175, in run
    missing_group_dns = get_missing_group_dns(admin, groups)
  File "/usr/lib/python3/dist-packages/univention/management/console/modules/diagnostic/plugins/908_ucsschool_school_admin_accounts.py", line 141, in get_missing_group_dns
    if is_missing_group(attrs, admin["dn"], school):
  File "/usr/lib/python3/dist-packages/univention/management/console/modules/diagnostic/plugins/908_ucsschool_school_admin_accounts.py", line 131, in is_missing_group
    return group_attrs["ucsschoolSchool"][0].decode("UTF-8") == school and admin_dn.encode(
KeyError: 'ucsschoolSchool'
######################## End 908_ucsschool_school_admin_accounts ########################

The reason seems to be a user who has set the objectClass ucsschoolAdministrator and who has not set ucsschoolschool. I used the following LDAP filter:

univention-ldapsearch "(&(univentionObjectType=users/user)(objectClass=ucsschoolAdministrator)(!(ucsschoolschool=*)))"
Comment 1 Jan-Luca Kiok univentionstaff 2023-09-14 13:30:39 CEST 
I agree that we should not throw tracebacks generally but report with a qualitative error instead.
The interesting question is how the school administrator lost his school(s) as they a required for every school user object (see also: https://help.univention.com/t/how-a-ucs-school-user-should-look-like/15630 ), do you have an idea how this happened in the first place?
Comment 2 Erik Damrose univentionstaff 2023-09-14 13:37:34 CEST 
I strongly suspect that the user was created manually with udm, and not with the UCS@school modules - because at the ticket the faulty user has the uid univention.support
Comment 3 Stefan Gohmann univentionstaff 2023-09-15 07:19:53 CEST 
It is possible that the user was created via UDM, I don't know.
First Last Prev Next    This bug is not in your last search results.