Univention Bugzilla – Bug 56577
UCS@school Check admin account throws a traceback if a school admin has no school
Last modified: 2023-09-15 07:19:53 CEST
root@master:~# univention-run-diagnostic-checks -t 908_ucsschool_school_admin_accounts Executing following checks: ['908_ucsschool_school_admin_accounts'] You can find the logging messages of the diagnostic modules at /var/log/univention/management-console-module-diagnostic.log ####################### Start 908_ucsschool_school_admin_accounts ####################### ## Check failed: 908_ucsschool_school_admin_accounts - UCS@school Check admin accounts ## Traceback (most recent call last): File "/usr/lib/python3/dist-packages/univention/management/console/modules/diagnostic/__init__.py", line 277, in execute ret = execute(umc_module, **kwargs) File "/usr/lib/python3/dist-packages/univention/management/console/modules/diagnostic/plugins/908_ucsschool_school_admin_accounts.py", line 175, in run missing_group_dns = get_missing_group_dns(admin, groups) File "/usr/lib/python3/dist-packages/univention/management/console/modules/diagnostic/plugins/908_ucsschool_school_admin_accounts.py", line 141, in get_missing_group_dns if is_missing_group(attrs, admin["dn"], school): File "/usr/lib/python3/dist-packages/univention/management/console/modules/diagnostic/plugins/908_ucsschool_school_admin_accounts.py", line 131, in is_missing_group return group_attrs["ucsschoolSchool"][0].decode("UTF-8") == school and admin_dn.encode( KeyError: 'ucsschoolSchool' ######################## End 908_ucsschool_school_admin_accounts ######################## The reason seems to be a user who has set the objectClass ucsschoolAdministrator and who has not set ucsschoolschool. I used the following LDAP filter: univention-ldapsearch "(&(univentionObjectType=users/user)(objectClass=ucsschoolAdministrator)(!(ucsschoolschool=*)))"
I agree that we should not throw tracebacks generally but report with a qualitative error instead. The interesting question is how the school administrator lost his school(s) as they a required for every school user object (see also: https://help.univention.com/t/how-a-ucs-school-user-should-look-like/15630 ), do you have an idea how this happened in the first place?
I strongly suspect that the user was created manually with udm, and not with the UCS@school modules - because at the ticket the faulty user has the uid univention.support
It is possible that the user was created via UDM, I don't know.