Univention Bugzilla – Bug 39574
Register ucs-sso in AD LDAP
Last modified: 2015-11-17 12:11:51 CET
The AD member mode join should also register the ucs-sso host entry in the AD DNS.
ucs-test:
 * added 56_admember/010ucs_sso_a_record (new ucs-test-admember)

univention-lib:
 * added add_host_record_in_ad() to shell/python admember lib

univention-saml:
 * create ucs-sso A record for UCS host in AD in 91univention-saml.inst (for NON-master UCS systems)

univention-system-setup:
 * create ucs-sso A record in univention-system-setup/scripts/90_postjoin/10admember (master, admember setup during installation)

univention-ad-connector:
 * create ucs-sso A record in admember_join() (master, admember setup UMC module)

QA:
 * master admember mode during setup
 * master admember mode in UMC module
 * backup
 * no ucs-uss record for slaves
I guess this doesn't work with IPv6:
 * Interfaces().get_default_ip_address() only returns IPv4 if mixed
 * it would return IPv6 for pure IPv6, which would make nsupdate fail

I'll add a patch proposal.

Question: Why not simply add a CNAME alias record instead that points to the FQDN of the UCS server? That would cover not only IPv4/IPv6 but would also survive IP changes/additions.
Created attachment 7232: ipv6.patch
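The IPv6 concern raised above (an IPv6 address placed in an A record makes the update fail), shown as an added example that is not part of this bug thread, of ipv6.patch, or of univention-lib. The helper name `build_nsupdate_batch`, the host name and all addresses are assumptions constructed for illustration.

```python
import ipaddress
import re

# One DNS label: letters, digits, hyphens, no leading or trailing hyphen.
_LABEL = r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)"
_FQDN = re.compile(rf"{_LABEL}(?:\.{_LABEL})+")


def build_nsupdate_batch(fqdn, addresses, dns_server, ttl=3600):
    """Return nsupdate input adding one A or AAAA record per usable address.

    Hypothetical helper; it is not add_host_record_in_ad() from univention-lib.
    """
    # Reject anything that is not a plain host name, so a crafted value
    # cannot smuggle extra nsupdate commands in through whitespace/newlines.
    if not _FQDN.fullmatch(fqdn):
        raise ValueError(f"not a valid FQDN: {fqdn!r}")
    server = ipaddress.ip_address(dns_server)  # ValueError if malformed

    records = []
    for raw in addresses:
        ip = ipaddress.ip_address(raw)
        # Loopback, link-local and unspecified addresses are useless in DNS.
        if ip.is_loopback or ip.is_link_local or ip.is_unspecified:
            continue
        rrtype = "A" if ip.version == 4 else "AAAA"  # an A record cannot hold IPv6
        record = f"update add {fqdn}. {int(ttl)} {rrtype} {ip.compressed}"
        if record not in records:
            records.append(record)
    if not records:
        raise ValueError("no registrable address given")

    # Only "update add": existing records are kept, because several systems
    # register themselves under the same name (per the thread).
    return "\n".join([f"server {server.compressed}", *records, "send"]) + "\n"


if __name__ == "__main__":
    # Constructed sample input (documentation address ranges).
    print(build_nsupdate_batch(
        "ucs-sso.example.test",
        ["192.0.2.10", "2001:db8::10", "fe80::1", "127.0.0.1"],
        "192.0.2.1",
    ))
```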
(In reply to Arvid Requate from comment #2)
> Question: Why not simply add a CNAME alias record instead that points to
> the FQDN of the UCS server? That would cover not only IPv4/IPv6 but would
> also survive IP changes/additions.

All master and backup systems should register themselves at this record.
Ok, then the UCR variable "ucs/server/sso/fqdn" also needs to be copied during univention-join, otherwise the joining systems will always register the default value in 91univention-saml.inst.
(In reply to Arvid Requate from comment #5)
> Ok, then the UCR variable "ucs/server/sso/fqdn" also needs to be copied
> during univention-join, otherwise the joining systems will always register
> the default value in 91univention-saml.inst.

It depends. For example, in @school scenarios multiple and independent Identity Providers are possible. If a non-default value should be used, one can set a UCR policy. Let's wait and see.
created Bug #39669 for IPv6
IPv6: Ok, fine with me.

I suggest adjusting the changelog entry to point out that the UCR-Variable needs to be adjusted *before* joining a UCS Backup and that this may conveniently be done via UDM-UCR-policy. Alternatively we may add an SDB article. Currently, nobody has the chance to know how to properly make use of this UCR variable without reading the joinscript code and understanding a lot about the intricacies of UCS Join.

"The name can be changed through the &ucsUCRV; <envar>ucs/server/sso/fqdn</envar>"

Either we adjust this sentence or we should not mention it at all and it's for internal/project use only.
(In reply to Arvid Requate from comment #8)
> IPv6: Ok, fine with me.
>
> I suggest adjusting the changelog entry to point out that the UCR-Variable
> needs to be adjusted *before* joining a UCS Backup and that this may
> conveniently be done via UDM-UCR-policy. Alternatively we may add an SDB
> article. Currently, nobody has the chance to know how to properly make use
> of this UCR variable without reading the joinscript code and understanding a
> lot about the intricacies of UCS Join.
>
> "The name can be changed through the &ucsUCRV;
> <envar>ucs/server/sso/fqdn</envar>"
>
> Either we adjust this sentence or we should not mention it at all and it's
> for internal/project use only.

Adjusted changelog and created Bug #39774
Ok.
UCS 4.1 has been released:
https://docs.software-univention.de/release-notes-4.1-0-en.html
https://docs.software-univention.de/release-notes-4.1-0-de.html

If this error occurs again, please use "Clone This Bug".