Univention Bugzilla – Bug 31748
Inconsistent call_joinscript functions
Last modified: 2017-08-08 07:09:45 CEST
+++ This bug was initially created as a clone of Bug #21579 +++ univention-lib#base.sh provides two functions: 1. call_joinscript 2. call_joinscript_on_dcmaster The first version only executes on DC Master and Backup systems, the later version only on DC Masters. 1. Why would one ever call a join script only on the Master but not on the Backup? Since years we preach that the Backup is a hot-standby for the Master and should be software-identical to the Master. 2. Why do both functions accept -binddn and -bindpwd arguments and even document it in their function synopsis? On both system roles the LDAP credentials are available from /etc/ldap.secret, on all other roles the functions are NOPs. 3. Why is there no function to call join scripts on other system roles expect Master and Backup? The function remove_joinscript_status() is a duplicate of joinscipt_remove_script_from_status_file() from univention-join/joinscripthelpers.lib 4. One should be removed. 5. Why are the (un)join functions part of base.sh? They have more in common with ldap.join (they modify the LDAP) and are useless on a unjoined "base UCS system". They should have been better added to some join.sh file or moved to the univention-join package altogether.
(In reply to Philipp Hahn from comment #0) > 2. Why do both functions accept -binddn and -bindpwd arguments and even > document it in their function synopsis? On both system roles the LDAP > credentials are available from /etc/ldap.secret, on all other roles the > functions are NOPs. Same for call_unjoinscript(): only does something on Master and Backup, NOP on all other roles, but takes -binddn and -bindpwd.
(In reply to Philipp Hahn from comment #0) > +++ This bug was initially created as a clone of Bug #21579 +++ > univention-lib#base.sh provides two functions: > 1. call_joinscript > 2. call_joinscript_on_dcmaster > > The first version only executes on DC Master and Backup systems, the later > version only on DC Masters. > > 1. Why would one ever call a join script only on the Master but not on the > Backup? Since years we preach that the Backup is a hot-standby for the > Master and should be software-identical to the Master. No, we changed the concept a while ago. At least in Samba join scripts we need the Administrator credentials on a DC Backup too. univention-run-join-scripts asks for the credentials on a DC Backup too. > 2. Why do both functions accept -binddn and -bindpwd arguments and even > document it in their function synopsis? On both system roles the LDAP > credentials are available from /etc/ldap.secret, on all other roles the > functions are NOPs. See above, we need the credentials to communicate with the Samba / Samba 4 on the DC Master.
This issue has been filed against UCS 3. UCS 3 is out of the normal maintenance and many UCS components have vastly changed in UCS 4. If this issue is still valid, please change the version to a newer UCS version otherwise this issue will be automatically closed in the next weeks.
This issue has been filed against UCS 3.1. UCS 3.1 is out of maintenance and many UCS components have vastly changed in later releases. Thus, this issue is now being closed. If this issue still occurs in newer UCS versions, please use "Clone this bug" or reopen this issue. In this case please provide detailed information on how this issue is affecting you.