Univention Bugzilla – Bug 52131
joinscript api should supply binddn and bindpwdfile on primary and backup nodes
Last modified: 2020-10-08 19:03:10 CEST
The join script API is inconsistent in that way: * On replication and managed nodes the univention-run-join-scripts adds "--binddn BINDDN --bindpwdfile BINDPWDFILE" to the arguments in "$@" which are forwarded to all software using the LDAP when called in join scripts. * On primary and backup nodes the user can retrieve the credentials herself, so univention-run-join-scripts does _not_ add those to the join scripts args. All software called with "$@" has to be aware of that. This has led to a lot of lost development hours by (also experienced) Univention developers getting surprised by this unexpected API behavior. It has furthermore lead to hundreds of Python and shell scripts implementing all the same forumla: "if role in (master, backup) read secret-file, else use arguments passed". The joinscript api should be consistent: it should supply binddn and bindpwdfile on all nodes.
Latest occurrence: Bug 51519#c5.
*** This bug has been marked as a duplicate of bug 47494 ***