How-To: Replicate staff users to educational school servers in UCS@school
Usually, staff users are replicated only to administrative school servers and students and teachers only to educational school servers (see UCS@school).
However, there is a possibility to explicitely replicate staff users to educational school servers.
Please note that staff users will be able to authenticate against the educational school server, e.g. via Samba AD/Kerberos to access shares and login on a client that joined the local domain. Staff users can also be added to workgroups. However, they are not able to use any educational UMC modules such as classroom management or the exam mode.
Step 1 - Alter the LDAP ACLs on Master and Backups
On the UCS Master and all UCS Backups, you have to enable additional LDAP ACLs:
ucr set ucsschool/ldap/replicate_staff_to_edu="true"
ucr commit /etc/ldap/slapd.conf
systemctl restart slapd
Step 2 - Re-Join the education school server
This step is optional, but be aware of the consequences:
After enabling the additional LDAP ACLs in step 1, all educational school servers are able to read the staff users of their own school from the UCS Master und Backups, but they will not replicate existing staff users automatically.
Only staff users that are modified (or created) after step 1 will be replicated.
If you want to replicate all existing staff users in one go, you need to rejoin your educational school servers via univention-join
Please note: Re-joining a school server will take a while and the services of the educational school server cannot be used for the time being. Schedule a maintenance window for this.