Univention Bugzilla – Bug 43311
Running ucs-school-join-secondary-samba4 against a DC Master results in undefined behavior
Last modified: 2017-10-16 21:34:00 CEST
In an environment with no Administrative servers - like many 'Berufsschulen' - it is fatal when demoting a S4-Slave-DC. The joinscript '/usr/lib/univention-install/96univention-samba4slavepdc.inst' should determine if we are in a single school environment and skip the demote else, in such environments, the S4-Slave has no replication partner and is instantly out of sync.
--- 96univention-samba4slavepdc.inst:431 ---
* I guess that the terms "no Administrative servers" and "single school environment" refer to a singlemaster environment. E.g. the package ucs-school-singlemaster *and* Samba/AD is installed (only) in the central school department
* The wording of section 14.1.2 of http://docs.software-univention.de/ucsschool-handbuch-4.1R2.html is not precise enough: The goal of the section is to explain the steps required to setup an additional UCS@school Slave PDC ("sekundären Domänencontroller an einem Schulstandort"). In the case of the ticket it has been wrongly interpreted as the steps required to setup an additional DC in the central school department instead. That interpretation is expected to lead to undefined behavior.
So we should do two things to avoid this:
1. improve the script ucs-school-join-secondary-samba4 to check if it is running against a UCS@school Slave PDC (running Samba/AD). Stop if that is not the case.
2. improve documentation of the tool and clearly define the terms like "Schulstandort" and "school DC" and "central school department".
It is now checked if the S4 SlavePDC is set.
We've checked the manual twice and it looked OK for us. Anyway, the script checks it now.
OK: code: result of LDAP filter without '(service=S4 SlavePDC)' did include the DC master, the new LDAP filter excludes it (returns only slaves with s4)
UCS@school 4.2 v4 has been released.
If this error occurs again, please clone this bug.