Univention Bugzilla – Bug 50843
Join of additional UCS systems fails if DC master does not have univention-saml errata443 package installed
Last modified: 2020-03-25 10:24:09 CET
With bug 49305 a new attribute for SAML service provider was added - signLogouts. When a new server joins the domain and is updated to the latest version, but the DC Master is below 4.4-3e443, the join fails with:

    Configure 92univention-management-console-web-server.inst failed
    **************************************************************************
    * Join failed! *
    * Contact your system administrator *
    **************************************************************************
    [...]
    W: The config registry variable 'ucs/web/overview/entries/admin/umc/description/de' does not exist
    LDAP Error: Undefined attribute type: signLogouts: attribute type undefined

In 92univention-management-console-web-server.inst at line 77 the service provider entry for the new server should be created. Because the u-saml-schema package provides the latest UDM module code on the affected server, it tries to set signLogouts to the default value, but the schema on the DC master does not have the new LDAP attribute. The saml LDAP schema is only installed locally on DC Master and Backups.

Possible fix: The u-saml-schema package should register the LDAP schema via ucs_registerLDAPExtension. But this would require Joinscript execution on all server roles, which is discouraged in errata updates.

Workaround: Update DC Master to 4.4-3 errata443
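A pre-join check for the schema mismatch described above, as an added example that is not part of the bug report or of UCS code: it reads a subschema dump from the DC master and reports which required attribute types are undefined. The function names, the sample dumps and their OIDs are constructed for illustration; only the attribute name signLogouts comes from the report.

```python
import re

# Constructed samples in the shape a base-scope search on cn=Subschema for
# attributeTypes returns (e.g. ldapsearch -x -s base -b cn=Subschema attributeTypes).
# OIDs and definitions are made up; long values are folded as LDIF output folds them.
SCHEMA_OLD = """\
dn: cn=Subschema
attributeTypes: ( 1.3.6.1.4.1.99999.1.1 NAME 'exampleSamlIssuer' DESC 'constru
 cted' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VAL
 UE )
"""
SCHEMA_NEW = SCHEMA_OLD + """\
attributeTypes: ( 1.3.6.1.4.1.99999.1.2 NAME 'signLo
 gouts' DESC 'constructed' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
"""

def unfold(ldif):
    """Undo LDIF folding: a line starting with one space continues the previous line."""
    lines = []
    for raw in ldif.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def defined_attributes(ldif):
    """Return the lower-cased names of all attribute types in a subschema dump."""
    names = set()
    for line in unfold(ldif):
        if not line.lower().startswith("attributetypes:"):
            continue
        # NAME is either a single quoted string or a parenthesised list of them.
        m = re.search(r"\bNAME\s+(\([^)]*\)|'[^']+')", line)
        if m:
            names.update(n.lower() for n in re.findall(r"'([^']+)'", m.group(1)))
    return names

def missing_attributes(ldif, required):
    """Attributes the joining host would write but the master's schema lacks."""
    have = defined_attributes(ldif)
    return [a for a in required if a.lower() not in have]

if __name__ == "__main__":
    for label, dump in (("master below errata443", SCHEMA_OLD), ("updated master", SCHEMA_NEW)):
        print(label, "-> missing:", missing_attributes(dump, ["signLogouts"]))
```

The unfolding step matters because a plain substring search for signLogouts misses a definition whose name is split across a folded line, as in the second sample.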