Univention Bugzilla – Bug 46436
saml kerberos does not work after ad takeover
Last modified: 2020-06-22 11:26:22 CEST
ad takeover: First univention-s4-connector is installed and with it 98univention-samba4-saml-kerberos.inst. During the Join the ucs-sso SPN is created. Second step is the takeover, this removes all entries from the local samba db and "copies" the ad db. Now the ucs-sso is missing I think we have to remove the SPO account in rewrite_sambaSIDs_in_OpenLDAP() (as we do it for the http-proxy account) and mark the 98univention-samba4-saml-kerberos.inst as not configured in finalize() so that the next run-join-scripts re-creates the ucs-sso account.