Bug 50584 – apply ucr-policies early in join

Bug 50584 - apply ucr-policies early in join


Summary:	apply ucr-policies early in join

Status:	NEW

Product:	UCS
Classification:	Unclassified
Component:	Join (univention-join)
Version:	UCS 4.4
Hardware:	Other Linux

Importance:	P5 normal (vote)
Target Milestone:	---
Assigned To:	UCS maintainers
QA Contact:	UCS maintainers

URL:
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2019-12-03 10:17 CET by Christina Scheinig
Modified:	2020-03-16 09:00 CET (History)
CC List:	4 users (show)

See Also:
What kind of report is it?:	Feature Request
What type of bug is this?:	---
Who will be affected by this bug?:	---
How will those affected feel about the bug?:	---
User Pain:	0.069
Enterprise Customer affected?:
School Customer affected?:	Yes
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:	2019112621000857, 2020031021000201
Bug group (optional):
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Christina Scheinig

2019-12-03 10:17:38 CET

The ucr variable are set relatively late in the join process. However, there are variables that should or must be set before the join process, because they are important for the initial setup of the LDAP. 

It is basically about variables that influence the execution of listener modules.

ldap/database/mdb/*
A join is not possible

connector/s4/mapping/*
Various settings whose changes would cause an explicit re-sync of the affected objects in the S4 connector

ucsschool/userlogon/*
Must be set before the join, otherwise the userlogon scripts will be generated incorrectly.

printer/assignment/vbs/*
The same as ucsschool/userlogon/*

These variables still have to be set locally on the host before, apart from the LDAP. Maybe it makes sense to move the adoption of LDAP policies to the beginning of the join process?

Comment 1 Christian Völker

2020-03-10 17:04:34 CET

Cu in a large environment has this issue, too.

A default join fails because the s4-connector needs more than an hour to sync while the joinscript 98univention-samba4-dns.inst waits for "dns-hostname" and finally times out.

Settings the UCRV squid/kerberos/join/timeout  to ie 14400  appears to help.
(just waiting until the s4-connector is done would help, too)
As this is a ucs@school environment, Samba is automatically installed.

However, customer an not install and join the server in a single step- He has to act manually to finalize the process every time!

Having a possibility to set the variable during first installation would prevent this issue here...