How-To: Replicate staff users to educational school server in UCS@school

How-To: Replicate staff users to educational school servers in UCS@school

Usually, staff users are replicated only to administrative school servers and students and teachers only to educational school servers (see UCS@school).

However, there is a possibility to explicitely replicate staff users to educational school servers.

Please note that staff users will be able to authenticate against the educational school server, e.g. via Samba AD/Kerberos to access shares and login on a client that joined the local domain. Staff users can also be added to workgroups. However, they are not able to use any educational UMC modules such as classroom management or the exam mode.

Step 1 - Alter the LDAP ACLs on Master and Backups

On the UCS Master and all UCS Backups, you have to enable additional LDAP ACLs:

ucr set ucsschool/ldap/replicate_staff_to_edu="true"
ucr commit /etc/ldap/slapd.conf
systemctl restart slapd

Step 2 - Re-Join the education school server

This step is optional, but be aware of the consequences:

After enabling the additional LDAP ACLs in step 1, all educational school servers are able to read the staff users of their own school from the UCS Master und Backups, but they will not replicate existing staff users automatically.
Only staff users that are modified (or created) after step 1 will be replicated.

If you want to replicate all existing staff users in one go, you need to rejoin your educational school servers via univention-join

Please note: Re-joining a school server will take a while and the services of the educational school server cannot be used for the time being. Schedule a maintenance window for this.

This topic was automatically closed after 24 hours. New replies are no longer allowed.