UCS@school-Lehrer are currently mapped to LDAP object classes (e.g.
ucsschoolAdministrator). But we are in the middle of a migration to a new, more flexible mechanism which uses the LDAP attribute
ucsschoolRole. Hint: if the migration is completed, it is likely that the objectclasses will be removed. So the LDAP attribute
ucsschoolRole should be used for new implementations.
The objectclass and ucsschoolRole are currently kept in sync by the UMC modules
Benutzer (Schulen) and the UCS@school importer. If the UMC module
Benutzer is used directly, there might be inconsistencies, that should be checked and fixed to avoid problems.
So if ucsschoolRole does not match the LDAP object classes, please investigate the reason for this inconsistency.
the last time I tested BigBlueButton, Greenlight only added the LDAP attribute specified in
LDAP_ROLE_FIELD to the existing Greenlight user
This means that if in the Greenlight configuration
LDAP_ROLE_FIELD is set to e.g.
univentionFreeAttribute2 and on the LDAP user
foo the attribute
univentionFreeAttribute2 is set to
admin, then the role
admin is added to the Greenlight user (
univentionFreeAttribute2 is only an example, it may be any other LDAP attribute that just contains the name of the Greenlight role).
It should be noted, however, that only new roles have been added in Greenlight. This means that if
foo is downgraded from
user, the role
admin at the corresponding Greenlight user is not removed again.
So far I don’t know of any workaround or fix for this.