Univention Bugzilla – Bug 31976
selective replication and UCC clients
Last modified: 2013-07-26 13:36:23 CEST
Usually, client hosts in a ucs@school environment can only see the school OU users (due to selective replication). But UCC clients have a special setup. UCS DC hosts have an additional listener module that creates a passwd file and UCC clients repeatedly "rsync" this file from the host in "ldap/server/name". So at least if ldap/server/name is the master, the UCC client knows all the users from all OUs.
The Python script /usr/share/univention-ucc-ucsschool-integration/update_ldap_server_name has been added to the UCC package univention-ucc-ucsschool-integration.

The script will be called by the joinscript or manually and it tries to determine the OU by parsing the value of ldap/hostdn. Next it checks the LDAP group OU%(ouname)s-DC-Edukativnetz for a list of responsible DC slaves. The FQDNs of all found slaves will be written to ldap/server/name (only the first one) and ldap/server/addition (the remaining ones). If the HomeShareServer of the OU is a member of that group, the HomeShareServer will be directly written to ldap/server/name and all others are written to ldap/server/addition.

It would have been possible to attach a UCR policy with object class restrictions to the computer container, but this would prevent the assignment of other regular UCR policies by the administrator. Because of this limitation, this approach has been dropped.

In cases where the script determines a wrong FQDN for ldap/server/name, it is still possible to overwrite the UCR settings via a manually created UCR policy.

YAML file has been updated: 2013-07-22-univention-ucc-ucsschool-integration.yaml

Package: univention-ucc-ucsschool-integration (1.0.4-3.10.201307242125)
OK - ldap/server/name (OU fileserver in OU%s-DC-Edukativnetz or first member in OU%s-DC-Edukativnetz) and ldap/server/addition (member in OU%s-DC-Edukativnetz)
OK - YAML
UCS@School single master with 1 school, ucc + 1 ucc client. After desktop image rollout and installation of univention-ucc-ucsschool-integration the joinscript 80univention-ucc-ucsschool-integration.inst fails with:

RUNNING 80univention-ucc-ucsschool-integration.inst
Local OU DN: 'ou=schule01,dc=intra,dc=net'
Local OU name: 'schule01'
ERROR: Could not determine ldap/server/name
EXITCODE=1
(In reply to Erik Damrose from comment #3)
> UCS@School single master with 1 school, ucc + 1 ucc client. After desktop
> image rollout and installation of univention-ucc-ucsschool-integration the
> joinscript 80univention-ucc-ucsschool-integration.inst fails with:
>
> RUNNING 80univention-ucc-ucsschool-integration.inst
> Local OU DN: 'ou=schule01,dc=intra,dc=net'
> Local OU name: 'schule01'
> ERROR: Could not determine ldap/server/name
> EXITCODE=1

/usr/share/univention-ucc-ucsschool-integration/update_ldap_server_name now checks if ldap/hostdn contains an OU. If no OU can be found, ldap/server/name is left untouched.

If the group OU%s-DC-Edukativnetz contains no uniqueMembers or none of them is joined (associatedDomain is unset), it looks like the UCC system is used within a single server environment and ldap/master is used as fallback for ldap/server/name.

univention-ucc-ucsschool-integration (1.0.5-1) unstable; urgency=low

YAML: 2013-07-25-univention-ucc-ucsschool-integration.yaml
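Added example, not part of the bug report and not the package's own script: a sketch of the server selection described in the two comments above, including the no-OU and single-server fallbacks. The function names, the `(hostname, associatedDomain)` member tuples, the FQDN construction and the space-separated ldap/server/addition value are assumptions, and the sample data is constructed.

```python
import re

GROUP_TEMPLATE = "OU%(ouname)s-DC-Edukativnetz"  # group name pattern quoted in the bug

# Constructed sample: group name -> (hostname, associatedDomain or None if not joined)
SAMPLE_GROUPS = {
    "OUschule01-DC-Edukativnetz": [
        ("dc1", "intra.net"), ("fs1", "intra.net"), ("dc9", None),
    ],
}
SAMPLE_HOSTDN = "cn=ucc01,cn=computers,ou=schule01,dc=intra,dc=net"  # constructed


def school_ou(hostdn):
    """Return the first ou= value in a host DN, or None if the DN has no OU."""
    for rdn in re.split(r"(?<!\\),", hostdn or ""):  # do not split on escaped commas
        attr, _, value = rdn.strip().partition("=")
        if attr.strip().lower() == "ou" and value.strip():
            return value.strip()
    return None


def choose_ldap_servers(hostdn, groups, home_share_server, ldap_master):
    """Return the UCR settings to write, or None to leave them untouched."""
    ou = school_ou(hostdn)
    if ou is None:
        return None  # host is not below a school OU: change nothing
    members = groups.get(GROUP_TEMPLATE % {"ouname": ou}, [])
    # Only joined slaves (associatedDomain set) are usable LDAP servers.
    fqdns = ["%s.%s" % (name, domain) for name, domain in members if domain]
    if not fqdns:
        # Single-server environment: fall back to the master.
        return {"ldap/server/name": ldap_master}
    if home_share_server in fqdns:
        # The OU's HomeShareServer is preferred as the primary LDAP server.
        fqdns.remove(home_share_server)
        fqdns.insert(0, home_share_server)
    return {
        "ldap/server/name": fqdns[0],
        "ldap/server/addition": " ".join(fqdns[1:]),  # assumed space-separated
    }


if __name__ == "__main__":
    print(choose_ldap_servers(SAMPLE_HOSTDN, SAMPLE_GROUPS,
                              "fs1.intra.net", "master.intra.net"))
```

With joined school slaves present, the master is never selected, so the client syncs the passwd file only from a host that holds the selectively replicated OU data.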
OK - single server
OK - multi server
OK - yaml
http://errata.univention.de/ucc/1.0/23.html