Bug 41634 - Syncrepl procedure - missing include schema
Status: NEW
Product: UCS extended documentation
Classification: Unclassified
Component: Domain services / LDAP
Other Linux
: P5 normal (vote)
: UCS 4.x
Assigned To: Docu maintainers
Reported: 2016-06-22 09:47 CEST by Oliver
Modified: 2017-05-25 19:17 CEST
What kind of report is it?: Bug Report
What type of bug is this?: 3: Simply Wrong: The implementation doesn't match the docu
Who will be affected by this bug?: 1: Will affect a very few installed domains
How will those affected feel about the bug?: 2: A Pain – users won’t like this once they notice it
User Pain: 0.034
Bug group (optional): External feedback

ucs41-syncrepl-proxy-setup.tar.bz2 (3.25 KB, application/x-bzip)
2016-06-22 16:45 CEST, Arvid Requate

Description Oliver 2016-06-22 09:47:39 CEST

Following this howto: http://docs.software-univention.de/domain-4.1.html#ext-dom-syncrepl it seems that there is a missing include schema in remote_system/template-slapd.conf

The missing schema is: include /usr/share/univention-ldap/schema/univention-saml.schema

If corrected the command "cat remote_system/template-slapd.conf | ucr filter > remote_system/slapd.conf" should then work as expected. 

Otherwise the resulting slapadd error on the consumer side looks like this:

I've added this to the generated slapd.conf on the consumer side and the import is now working fine (tested on Debian 8.5 and FreeBSD 10.3).

Comment 1 Philipp Hahn univentionstaff 2016-06-22 10:25:31 CEST
Thank you for the report.
Actually "slapcat"/"slapadd" only work on the data, *not* on the schema - that is by design. You need to copy the SAML (and other schema like the schema for the Univention App center) by hand.

You can query the schema information via LDAP itself:
 ldapsearch -LLLx -o ldif-wrap=no -b cn=Subschema -s base
but it needs post-processing, as objectClasses depend on each other and must be sorted so that depending classes are sorted after their dependents, etc.
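
The post-processing step described in comment 1, as an added example that is not part of this bug report or of Univention's tooling: it orders objectClasses values so that each class follows the classes named in its SUP clause, and reports SUP names that are not defined in the input and therefore have to come from another schema file on the consumer. The sample lines, class names and OIDs are constructed; the parser assumes unwrapped lines (ldif-wrap=no) whose DESC text does not contain the word SUP, and it handles objectClasses only, not attributeTypes.

```python
import re
from graphlib import TopologicalSorter  # Python 3.9+

# Constructed sample of objectClasses values (not real UCS schema), deliberately
# listed with subclasses before their superclasses.
SAMPLE = """\
objectClasses: ( 1.3.6.1.4.1.99999.1.3 NAME 'exampleSamlUser' SUP ( exampleSamlBase $ exampleMailBase ) AUXILIARY MAY exampleSamlId )
objectClasses: ( 1.3.6.1.4.1.99999.1.2 NAME 'exampleMailBase' SUP exBase AUXILIARY MAY mail )
objectClasses: ( 1.3.6.1.4.1.99999.1.4 NAME 'exampleSamlBase' SUP top AUXILIARY MAY exampleSamlId )
objectClasses: ( 1.3.6.1.4.1.99999.1.1 NAME ( 'exampleBase' 'exBase' ) SUP top AUXILIARY MAY description )
"""

def parse(line):
    """Return (all NAMEs, SUP names) for one unwrapped objectClasses value."""
    m = re.search(r"\bNAME\s+(?:\(([^)]*)\)|('[^']*'))", line)
    names = re.findall(r"'([^']+)'", m.group(1) or m.group(2))
    m = re.search(r"\bSUP\s+(?:\(([^)]*)\)|(\S+))", line)
    sups = re.findall(r"[^\s$']+", m.group(1) or m.group(2)) if m else []
    return names, sups

def sort_object_classes(text):
    """Return (lines ordered superclass-first, SUP names not defined in text)."""
    defs, alias = {}, {}
    for line in text.splitlines():
        if line.lower().startswith("objectclasses:"):
            names, sups = parse(line)
            defs[names[0]] = (line, sups)
            alias.update({n.lower(): names[0] for n in names})  # names are case-insensitive
    graph, external = {}, set()
    for name, (_, sups) in defs.items():
        graph[name] = {alias[s.lower()] for s in sups if s.lower() in alias}
        # A SUP defined elsewhere (e.g. 'top') must come from another schema file
        external |= {s for s in sups if s.lower() not in alias}
    # static_order() yields each class after its superclasses; raises CycleError on a loop
    ordered = [defs[n][0] for n in TopologicalSorter(graph).static_order()]
    return ordered, external

if __name__ == "__main__":
    ordered, external = sort_object_classes(SAMPLE)
    print("\n".join(ordered))
    print("defined outside this input:", sorted(external))
```
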
Comment 2 Arvid Requate univentionstaff 2016-06-22 16:45:44 CEST
Created attachment 7763

Thanks for the report, that guide needs to be updated for the UCS 4.1 changes.

The attached archive contains an updated version of the Tar archive referred to in that guide, which includes the SAML schema. Untested.
Comment 3 JR Stuhrberg 2017-05-25 19:17:06 CEST
Just an FYI I ran into this problem today. The attached file fixed the issue but the documentation is still using the old templates from