Univention Bugzilla – Bug 47862
20univention-directory-policy fails if computer object was created in umc computer module
Last modified: 2021-05-14 16:34:37 CEST
The umc computer module creates new slaves at the postition 'cn=computers,dc=mydomain,dc=intranet'. But the computer object has to be in position 'cn=dc,cn=computers,dc=mydomain,dc=intranet' for the joinscript 20univention-directory-policy to work. Therefore the join fails if the slave object was created in umc. Configure 20univention-directory-policy.inst Mon Sep 24 18:02:55 CEST 2018 2018-09-24 18:02:55.754960355+02:00 (in joinscript_init) could not open policy for cn=testslave,cn=computers,dc=mydomain,dc=intranet could not open policy for cn=testslave,cn=computers,dc=mydomain,dc=intranet failed to execute univention_policy_result run-parts: /usr/lib/univention-directory-policy/univention-policy-maintenance exited with return code 49 could not open policy for cn=testslave,cn=computers,dc=mydomain,dc=intranet failed to execute univention_policy_result run-parts: /usr/lib/univention-directory-policy/univention-policy-repository-sync exited with return code 1 could not open policy for cn=testslave,cn=computers,dc=mydomain,dc=intranet univention-policy-set-repository-server: FAIL: failed to execute `univention_policy_result' run-parts: /usr/lib/univention-directory-policy/univention-policy-set-repository-server exited with return code 1 could not open policy for cn=testslave,cn=computers,dc=mydomain,dc=intranet run-parts: /usr/lib/univention-directory-policy/univention-policy-update-config-registry exited with return code 1 __JOINERR__:FAILED: /usr/lib/univention-install/20univention-directory-policy.inst ************************************************************************** * Join failed! * * Contact your system administrator * ************************************************************************** * Message: Please visit https://help.univention.com/t/8842 for common problems during the join and how to fix them -- FAILED: 20univention-directory-policy.inst **************************************************************************
The problem why it fails are probably the LDAP ACL's because they apply only to the sub containers. The trello card suggest to change the default location where DC Slaves are created. This would basically be Bug #46919 / Bug #36651.
(In reply to Florian Best from comment #1) > The problem why it fails are probably the LDAP ACL's because they apply only > to the sub containers. > > The trello card suggest to change the default location where DC Slaves are > created. This would basically be Bug #46919 / Bug #36651. From Trello: """ Ziel der Karte sollte sein, dass beim Hinzufügen über UMC der Container "richtig" vorgeschlagen wird. """
I will reset the user pain. We fixed Bug #46919 if this is still a problem then, we can see what we can do here.
This issue has been filed against UCS 4.3. UCS 4.3 is out of maintenance and many UCS components have changed in later releases. Thus, this issue is now being closed. If this issue still occurs in newer UCS versions, please use "Clone this bug" or reopen it and update the UCS version. In this case please provide detailed information on how this issue is affecting you.