Bug 44073
| Summary: | Group blacklist for exam-master module | ||
|---|---|---|---|
| Product: | UCS@school | Reporter: | Sönke Schwardt-Krummrich <schwardt> |
| Component: | UMC - Exam mode | Assignee: | Sönke Schwardt-Krummrich <schwardt> |
| Status: | CLOSED FIXED | QA Contact: | Daniel Tröder <troeder> |
| Severity: | normal | ||
| Priority: | P5 | ||
| Version: | UCS@school 4.2 | ||
| Target Milestone: | UCS@school 4.1 R2 v11 | ||
| Hardware: | Other | ||
| OS: | Linux | ||
| See Also: | https://forge.univention.org/bugzilla/show_bug.cgi?id=52175 | ||
| What kind of report is it?: | Bug Report | What type of bug is this?: | 5: Major Usability: Impairs usability in key scenarios |
| Who will be affected by this bug?: | 2: Will only affect a few installed domains | How will those affected feel about the bug?: | 5: Blocking further progress on the daily work |
| User Pain: | 0.286 | Enterprise Customer affected?: | |
| School Customer affected?: | Yes | ISV affected?: | |
| Waiting Support: | Flags outvoted (downgraded) after PO Review: | ||
| Ticket number: | 2017032021000298 | Bug group (optional): | |
| Max CVSS v3 score: | |||
| Bug Depends on: | |||
| Bug Blocks: | 45473 | ||
| Attachments: |
exammode-ignore-groups.patch
exammode-ignore-groups.patch (Version 2) |
||
Created attachment 8645 [details]
exammode-ignore-groups.patch (Version 2)
Updated version
The regular expression has to be specified in UCR variable ucsschool/exam/group/ldap/blacklist/regex The patch has been tested successfully in a customer environment and has therefore been applied to SVN. ucs-school-umc-exam.yaml: r78476 | Bug #44073: updated advisory ucs-school-umc-exam (6.0.11-1): r78475 | Bug #44073: added UCR variable ucsschool/exam/group/ldap/blacklist/regex Package: ucs-school-umc-exam Version: 6.0.11-1.131.201703291633 Branch: ucs_4.1-0 Scope: ucs-school-4.1r2 Advisory: """ * In some customer environments the UCS@school users are member of additional groups that are not required for exam users. Each additional group membership slows down the creation of exam users. Via the UCR variable <envar>ucsschool/exam/group/ldap/blacklist/regex</envar> a regular expression may be specified. Each matching group DN is blacklisted for exam users. The UCR variable has to be specified on DC master. """ OK: functional test: ----------------------------------------- root@sch-m4:~# ucr set ucsschool/exam/group/ldap/blacklist/regex='cn=SchuleEins-wg1,.*' root@sch-m4:~# udm groups/group list | grep cn=SchuleEins-wg1 DN: cn=SchuleEins-wg1,cn=schueler,cn=groups,ou=SchuleEins,dc=uni,dc=dtr root@sch-m4:~# getent group SchuleEins-wg1 SchuleEins-wg1:*:11269:staff1,student1,teacher1 root@sch-m4:~# /etc/init.d/univention-management-console-server restart /var/log/univention/management-console-module-schoolexam-master.log: 31.03.17 21:14:49.410 MODULE ( INFO ) : create_exam_user(): ignoring group 'cn=SchuleEins-wg1,cn=schueler,cn=groups,ou=SchuleEins,dc=uni,dc=dtr' as requested via regexp ----------------------------------------- r78568: wording The UCRV description in ucs-school-umc-exam-master.univention-config-registry-variables is missing. I guess this is intentional. If not, please reopen. UCS@school 4.1 R2 v11 has been released. http://docs.software-univention.de/changelog-ucsschool-4.1R2v11-de.html If this error occurs again, please clone this bug. UCS@school 4.1 R2 v11 has been released. http://docs.software-univention.de/changelog-ucsschool-4.1R2v11-de.html If this error occurs again, please clone this bug. |
Created attachment 8644 [details] exammode-ignore-groups.patch When exam users are created, all group memberships of the original user object are copied. At least one customer has additional group memberships for all UCS@school users that slow down until the exam mode fails (timeout occurs). The attached, untested patch implements a UCR variable that allows the admin to specify a regular expression of group DNs that are ignored during exam user creation. The patch logs if the UMC module was unable to compile the regexp (loglevel ERROR) and which groups have been ignored (loglevel INFO). Workaround: apply patch in production system: # cd /usr/share/pyshared/univention/management/console/modules/schoolexam-master # patch -p6 < /path/to/exammode-ignore-groups.patch