Univention Bugzilla – Bug 41634
Syncrepl procedure - missing include schema
Last modified: 2017-05-25 19:17:06 CEST
Hello, Following this howto : http://docs.software-univention.de/domain-4.1.html#ext-dom-syncrepl it seems that there is a missing include schema in remote_system/template-slapd.conf The missing schema is : include /usr/share/univention-ldap/schema/univention-saml.schema If corrected the command "cat remote_system/template-slapd.conf | ucr filter > remote_system/slapd.conf" should then work as expected. Otherwise the result in slapadd error on consumer side looks like this : http://forum.univention.de/viewtopic.php?f=56&t=5852 I've added this on the generate slapd.conf on consumer side and the import is now working fine (tested on Debian 8.5 and FreeBSD 10.3) Regards.
Thank you for the report. Actually "slapcat"/"slapadd" only work on the data, *not* on the schema - that is by design. You need to copy the SAML (and other schema like the schema for the Univention App center) by hand. You can query the schema information via LDAP itself: ldapsearch -LLLx -o ldif-wrap=no -b cn=Subschema -s base but it needs post-processing, as objectClasses depend on each other and must be sorted so that depending classes are sorted after their dependents, etc.
Created attachment 7763 [details] ucs41-syncrepl-proxy-setup.tar.bz2 Thanks for the report, that guide needs to be updated for the UCS 4.1 chnages. The attached archive contains an updated version of the Tar archive referred to in that guide, which includes the SAML schema. Untested.
Just an FYI I ran into this problem today. The attached file fixed the issue but the documentation is still using the old templates from http://updates.software-univention.de/download/syncrepl/ucs4-syncrepl-proxy-setup.tar.bz2