§Kapitel 1. UCS@school-Update
Dieses Dokument enthält die Changelogs mit den detaillierten Änderungsinformationen zum Update von UCS@school von Version 4.1 R2 v4 nach 4.1 R2 v5.
Sofern notwendig, werden wichtige Hinweise zum Update in einem separaten Abschnitt behandelt. Die Changelogs werden nur in Englisch
gepflegt. Die Änderungsinformationen für vorherige Versionssprünge finden sich unter https://docs.software-univention.de/.
§1.1. Generelle Hinweise zum Update
Während der Aktualisierung kann es zu Ausfällen von Diensten innerhalb der Domäne
kommen. Aus diesem Grund sollte das Update innerhalb eines Wartungsfensters
erfolgen. Grundsätzlich wird empfohlen das Update zunächst in einer Testumgebung
einzuspielen und zu testen. Die Testumgebung sollte dabei identisch zur
Produktivumgebung sein.
§1.2. Changelog
§1.2.1. Source package ucs-school-umc-rooms
- The UMC module had been adjusted to use the new methods and classes of the UCS@school python library that have been introduced/updated in UCS@school 4.1 R2 (Bug 41130).
§1.2.2. Source package ucs-school-umc-csv-import
- With UCS@school 4.1R2v3 it was not possible to import users (e.g. teachers) without an assigned class via the UMC CSV import module. The error message "Der Wert darf nur Zahlen, Buchstaben und Punkte enthalten." was shown instead. With this update the faulty logic has been fixed (Bug 41987).
- Some small internal changes were done in the UMC module to harmonize the UMC module with changes in the UCS@school python library (Bug 41282, Bug 41609).
§1.2.3. Source package ucs-school-webproxy
- The default value of the UCR variable "squid/acl/windowsupdater/allow/dstdomain-i/regex" has been updated. The old regular expression was bordered needlessly by "^" and "$" (Bug 40960).
- If a new user or group import for UCS@school had been performed, the system load on UCS@school slaves got very high due to frequent reloads of the squid3 configuration. Therefore a new service was added to control and regulate squid3 reloads when triggered by UCR updates. The reload frequency is limited to once every 15 seconds (Bug 41361).
§1.2.4. Source package ucs-school-ucc-integration
- By default, the IP address of the UCS master domain controller was assigned to UCC clients as time server. In numerous environments the master domain controller is not directly reachable by UCC clients due to firewall restrictions which resulted in incorrect system clocks on the UCC systems. With this update, the default UCR policy of each school OU is automatically updated and the UCR variable "ucc/timeserver" is appended. If the UCR variable is already configured in that UCR policy, the value is not changed. The UCR variable sets the local school server as time server for UCC systems (Bug 40705).
- By default the user "pcpatch" is no longer ignored by the Univention S4 Connector (Bug 34626).
- The join scripts 00ucs-school-slave-check-ou and 62-ucs-school-slave have been improved. This change was neccessary due to allowing ou-overlapping users and related changes in LDAP ACLs (Bug 40705)
- The new default path for UCS@school NETLOGON scripts for Windows systems is "/var/lib/samba/netlogon/user". This change will become active on newly installed UCS@school systems only. The configuration of existing UCS@school systems is not altered. To revert to the previous behavior, unset the UCR variables "samba/share/netlogon/path" and "ucsschool/userlogon/netlogon/path". This change has introduced to prevent the replication of the NETLOGON scripts via the SYSVOL replication mechanism which caused higher load in larger environments. Further documentation can be found in the chapter "Netlogon-Skripte für Samba4-Umgebung" of the UCS@school administrator manual (Bug 40347).
- The samba internal databases "sam.ldb" and "secrets.ldb" are not removed any longer while running the ucs-school-slave joinscripts (Bug 40424).
- A help message was added to a join script, giving instructions on how to rejoin school slave whose LDAP object has been previously deleted (Bug 40262).
§1.2.6. Source package ucs-school-import
- The script "activate_groupmembers" now also writes the username of each activated group member into the exported CSV file. Please note, that the order of the data fields in the resulting CSV file has changed (Bug 31187).
- The script "activate_groupmembers" now creates new passwords for each activated group member which contains special characters that are less difficult to type (Bug 40711).
- Python based hooks are now always run, when creating, modifying, moving or deleting ImportUser objects. This is an internal change. Command line imports behave as before and the UMC-modules are not yet affected (Bug 41572).
- During import via the script "ucs-school-user-import", users can now be deleted if __action=D is explicitly set in the input data. This is performed even if the --no-delete option is set. --no-delete only disables the deletion of user objects if the action (add, modify, delete) has been determined automatically (Bug 41775).
- Logging code was moved to the package "ucs-school-lib". Support for the UCR variable "ucsschool/import/debug/werror" has been removed (Bug 41595).
- A bug was fixed, that prevented staff users from being moved from one school to another (Bug 41609)
- Changing user options to an invalid combination is now prevented in UMC and via UDM (Bug 41351).
- A bug was fixed, that didn't allow users to be created without having at least one school class (Bug 41847).
- Conflicting storage of UDM properties is now prevented (Bug 41857).
- Program code was added to ease future development and support (Bug 41861).
- The legacy import script ("import_user") now finds users in LDAP with and without the new LDAP attributes "SourceUID" and "RecordUID" (Bug 41862).
- Deletion of user accounts is now done before creating new accounts or modifying existing ones. This remedies the problem, that new users could not have unique properties (like the primary email address), that accounts scheduled for deletion still had (Bug 41544).
- Newly created shares are by default not exported via NFS anymore. To reactivate the previous behaviour (creation of both Samba/CIFS and NFS shares), set the UCR variable "ucsschool/default/share/nfs" to "true". Existing shares are not affected by this change (Bug 38641).
- A script was added to create and import dummy users for testing purposes. Do not use it on production systems! (Bug 42105)
- A regression was fixed, and the previous behavior has been reestablished: If the CSV input data for importing/modifying a user does not contain any school class, existing class memberships will not be modified by the legacy import ("import_user") (Bug 42288).
- When creating or modifying users, illegal characters are now removed from their usernames. Allowed are only numbers, letters and dots (Bug 42313).
- The internal logging code was cleaned up (Bug 42315).
§1.2.7. Source package ucs-school-lib
- A bug was fixed, that prevented staff users from being moved from one school to another (Bug 41609).
- When moving a user from a school A to school B, the user is now put into the school related groups of school B (Bug 41620, Bug 40870).
- Users are now added to groups of all schools they belong to (Bug 41601).
- Passwords created by the script "activate_groupmembers" and the CLI import scripts now contain at least one character from each character class (lowercase, uppercase, digits, special characters) (Bug 40711).
- A new shell script function has been added to detect responsible school servers for a specific OU (Bug 40705)
- Due to a logic error in UCS@school library, the backup domain controller was not able to detect all school OU in LDAP. This error has been fixed (Bug 41747).
- Internal functions for extensive logging have been improved (Bug 41595).
- An error has been fixed when filtering out possible schools for certain users. This error was detected by Univention development only and could not be seen during production use (Bug 41811).
- In some situations the temporary shutdown of univention-directory-notifier failed with a traceback during user import. The shutdown and therefore also the restart of univention-directory-notifier is now handled more safely (Bug 41775).
- From now on UCS@school shares for working groups and classes are only exported via CIFS/Samba and no longer via NFS. To reenable the NFS export for new shares, set the UCR variable "ucsschool/default/share/nfs" to "yes". This new default value does not affect existing shares objects. The NFS export of shares can be (de)activated manually via the UMC module "Shares" by toggling the option "Export for NFS clients (NFSv3 and NFSv4)" (Bug 38641).
- An inefficient LDAP search has been improved that vastly reduces the search time in some UMC modules, e.g. "Passwords (students)" (Bug 42167).
- An error has been fixed when handling users with more that one school and workgroups but no classes (Bug 42251).