5. Error handling

If a problem prevents the synchronization of a user, group or school to the ID Broker, the ID Connector will move the queue item into the directory /var/lib/univention-appcenter/apps/ucsschool-id-connector/data/out_queues/$NAMESPACEID/trash. This allows an administrator to inspect the content of the file and react appropriately.

After handling a file in the trash directory, it should be deleted.

It is possible to move the file back into the out-queue directory /var/lib/univention-appcenter/apps/ucsschool-id-connector/data/out_queues/$NAMESPACEID and let the ID Connector pick it up. However, the file may contain out-of-date LDAP data, which can inadvertently make the situation worse, for example by reverting successful group membership changes. We recommend using the script mentioned in Synchronize a single user to generate a queue item with fresh LDAP data.
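The following helper is an added example, not part of the ID Connector: it summarizes the trash directory of every $NAMESPACEID and lists items old enough that they should be regenerated with fresh LDAP data rather than moved back. The function name, the OUT_QUEUES and STALE_MINUTES variables, and the 60-minute threshold are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not part of the ID Connector: summarize trashed queue items.
# Uses find -mmin (GNU/BSD find). The 60-minute staleness default is an assumption.
OUT_QUEUES="${OUT_QUEUES:-/var/lib/univention-appcenter/apps/ucsschool-id-connector/data/out_queues}"

# trash_summary BASE [STALE_MINUTES]
# For every namespace directory below BASE, print "<namespace> total=<n> stale=<n>",
# followed by the indented path of each item older than STALE_MINUTES.
trash_summary() {
    base="$1"
    stale_min="${2:-60}"
    for trash in "$base"/*/trash; do
        [ -d "$trash" ] || continue   # unmatched glob or namespace without trash
        ns=$(basename "$(dirname "$trash")")
        total=$(( $(find "$trash" -type f | wc -l) ))
        stale=$(( $(find "$trash" -type f -mmin +"$stale_min" | wc -l) ))
        printf '%s total=%d stale=%d\n' "$ns" "$total" "$stale"
        # Stale items are candidates for regeneration, not for moving back.
        find "$trash" -type f -mmin +"$stale_min" | sort | sed 's/^/  /'
    done
}

# Run against the real out-queue directory only when it exists on this host.
if [ -d "$OUT_QUEUES" ]; then
    trash_summary "$OUT_QUEUES" "${STALE_MINUTES:-60}"
fi
```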

5.1. Synchronize a single user

The script schedule_user accepts a single username as command line argument. It triggers the ID Connector listener module to generate an in-queue item with fresh LDAP data.

$ univention-app shell ucsschool-id-connector /ucsschool-id-connector/src/schedule_user demo_student

5.2. Synchronize a single school group

If a school class is missing, then schedule_user <member> can be used with one of the group's members to trigger its synchronization. If a school group exists and should be updated, then the schedule_group command can be used.

$ univention-app shell ucsschool-id-connector /ucsschool-id-connector/src/schedule_group demo_class

5.3. Synchronize a school

The script schedule_school accepts a school name and a number of parallel tasks as command line arguments. It triggers the ID Connector listener module to generate an in-queue item with fresh LDAP data.

$ univention-app shell ucsschool-id-connector /ucsschool-id-connector/src/schedule_school demoschool 12

5.4. Reinitialize synchronization of all users and groups

You can reinitialize the synchronization of all user and group objects with the following command:

$ univention-directory-listener-ctrl resync ucsschool-id-connector

Note

A reinitialization requires roughly the same synchronization time as the initial synchronization.

5.5. Error handling for manage_schools_to_sync.py

The script will exit if the school was already added to the school authority configuration. By passing the flag --force you can override this behavior in case you want to synchronize the school again.

$ univention-app shell ucsschool-id-connector
$ cd /var/lib/univention-appcenter/apps/ucsschool-id-connector/conf/plugins/packages/idbroker/
$ ./manage_schools_to_sync.py add_schools --school_authority Traeger2 --force ou1 ou2

The script can also add all existing schools to the school authority configuration without running the initial synchronization step, which synchronizes all user and group objects.

$ univention-app shell ucsschool-id-connector
$ cd /var/lib/univention-appcenter/apps/ucsschool-id-connector/conf/plugins/packages/idbroker/
$ ./manage_schools_to_sync.py add_schools --school_authority Traeger2 --all_schools --initial_sync false

Instead of running the previous command for all existing schools, it can also be called for a specific school, such as ou1.

$ univention-app shell ucsschool-id-connector
$ cd /var/lib/univention-appcenter/apps/ucsschool-id-connector/conf/plugins/packages/idbroker/
$ ./manage_schools_to_sync.py add_schools --school_authority Traeger2 --initial_sync false ou1

If the schools have already been removed from the school authority configuration but it is uncertain if they were removed from the ID Broker, the script can also be called with --force.

$ univention-app shell ucsschool-id-connector
$ cd /var/lib/univention-appcenter/apps/ucsschool-id-connector/conf/plugins/packages/idbroker/
$ ./manage_schools_to_sync.py remove_schools --school_authority Traeger2 --force ou1 ou2

Schools can also be removed only from the school authority configuration, without being deleted from the ID Broker, by passing --delete_schools false when removing the school:

$ univention-app shell ucsschool-id-connector
$ cd /var/lib/univention-appcenter/apps/ucsschool-id-connector/conf/plugins/packages/idbroker/
$ ./manage_schools_to_sync.py remove_schools --school_authority Traeger2 --delete_schools false ou1 ou2

5.6. Verify synchronization

You can verify the synchronization with the following commands. Call the verify.py script with an optional LDAP filter to verify only specific objects. With the --fix parameter, objects that failed the verification are queued for a re-sync.

$ univention-app shell ucsschool-id-connector
$ cd /var/lib/univention-appcenter/apps/ucsschool-id-connector/conf/plugins/packages/idbroker/
$ ./verify.py schools --school_authority_name Traeger2 --fix
$ ./verify.py school_classes --school_authority_name Traeger2 --fix
$ ./verify.py workgroups --school_authority_name Traeger2 --fix
$ ./verify.py users --school_authority_name Traeger2 --fix