Univention Bugzilla – Bug 49821
univentionUDMPropertyCopyable added to LDAP index in 10univention-ldap-server.inst (first slapindex after LDAP replication)
Last modified: 2019-12-27 20:14:55 CET
Seems that univentionUDMPropertyCopyable is added to the LDAP index in 10univention-ldap-server.inst with: /usr/share/univention-ldap/ldap_setup_index --add-eq univentionUDMPropertyCopyable which runs slapindex. On Backup and Slaves that means we copy the LDAP database (during which the index is generated) and subsequently call slapindex (again). The correct way seems to me: * Adding univentionUDMPropertyCopyable to the default index in ldap_setup_index * Removing ldap_setup_index --add-eq univentionUDMPropertyCopyable from 10univention-ldap-server.inst * The default index is configured during 01univention-ldap-server-init.inst * During the LDAP replication the index is generated correctly (including univentionUDMPropertyCopyable)
Yes, as 'univentionUDMPropertyCopyable' is part of a default UCS schema. (You must not do that when the schema is only later registered using the UDM schema extension mechanism.) PS: You might also look at <https://hutten.knut.univention.de/blog/unix-108-ldapsearch/> and change univention-ldapsearch -LLL -o ldif-wrap=no -b cn=Subschema -s base attributeTypes | grep -Fq "NAME 'univentionUDMPropertyCopyable'" to univention-ldapsearch -LLL -o ldif-wrap=no -b cn=Subschema -s base -E mv='(attributeTypes=univentionUDMPropertyCopyable)' attributeTypes | grep -q ^attributeTypes:
The reason why it was added to the joinscript is that this was the only way to add it, because the attribute has been added in a erratum update Bug #1567.
(In reply to Florian Best from comment #2) > The reason why it was added to the joinscript is that this was the only way > to add it, because the attribute has been added in a erratum update Bug > #1567. ok, but i want a join process without an extra slapindex, is that to much to ask for?
(In reply to Felix Botner from comment #3) > (In reply to Florian Best from comment #2) > > The reason why it was added to the joinscript is that this was the only way > > to add it, because the attribute has been added in a erratum update Bug > > #1567. > > ok, > but i want a join process without an extra slapindex, is that to much to ask > for? No, it's not. But it was not possible when releasing/introducing new attributes: slapd raised error messages about schema validation. As the attribute now exists we can change the code now.