Description Philipp Hahn 2019-02-07 16:31:44 CET

"univention-join" has too many deficits and is a nightmare to debug and extend:

1. on a re-join is does not reset the system to a sane state; e.g. the local BIND is still used with still uses the (stale) data from the local SLAPD.

2. The joind script "03univention-directory-listener.inst" is handled especially and univention-join contains some special handling for it.

3. The LDAP server is started very early - at a point where the initial LDAP schema has not be replicated yet; this is only faked in "01univention-ldap-server-init.inst".

We should (at least) do the following (not complete):

1. Reset the local system to not use any local services: dns, ...
2. Purge old LDAP databases and JOIN related state
3. (Re-)create HOST account and fetch machine.secret and SSL certificates
4. Fetch SCHEMA¹ and attributes to index from Master
5. Start slapd
6. Start UDN² (needs local slapd for cn=translog)
7. Start UDL³ (replication.py needs local slapd)
...

¹: Replace fake_initial_schema() in 01univention-ldap-server-init.inst with:
python -c 'from univention.uldap import getMachineConnection
access = getMachineConnection(ldap_master=True)
result = access.search(base="cn=Subschema", scope="base", attr=["objectClasses", "attributeTypes"], unique=True, required=True)
((dn, attrs),) = result
execfile("/usr/lib/univention-directory-listener/system/replication.py")
update_schema(attrs)'

²: Please note that the Master is the only server role where UDN must be started *before* UDL as UDL connects to UDN. "univention-join" is never executed on the Master, instead the simplified code from base/univention-system-setup/usr/lib/univention-system-setup/scripts/setup-join.sh:264 is used.

³: I have the nagging memory, that on all other server roles except UDL must be started before UDN, but I cannot remember the issue any more - maybe it was because Bug #48427 one time ago required UDL to replicate the univentionTranslog.schema for UDN to start.