Univention Bugzilla – Bug 56824
Register SAML schema in domain
Last modified: 2023-11-21 12:08:08 CET
The LDAP schema for SAML objects is currently hardcoded in the univention-saml-schema package and not registered as an LDAP extension in the domain. Purging the package will therefore cause slapd to not start anymore. For the UCS 5.2 upgrade we need the schema to be registered (e.g. for mixed environments with UCS 5.0).

+++ This bug was initially created as a clone of Bug #56765 +++

SimpleSAMLphp will not be supported in 5.2 anymore; we need to adjust the defaults and remove obsolete code to switch to Keycloak.
The schema is now registered in the joinscript 91univention-saml (which belongs to univention-saml and not univention-saml-schema, but is only installed on DC Primary/Backup, where we are allowed to increase the joinscript version during errata updates).

univention-saml.yaml
2d01ebfdf63c | feat(saml): register LDAP schema and UDM modules domainwide in the LDAP

univention-saml (7.0.8-9)
965ec29b6990 | fix(saml): fix remove handling of saml/idpconfig objects in listener
2d01ebfdf63c | feat(saml): register LDAP schema and UDM modules domainwide in the LDAP
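The comment above describes the mechanism but not what a joinscript that registers a schema domainwide looks like, nor how to verify the registration before purging univention-saml-schema. The following is an added illustration, not the actual 91univention-saml joinscript or any other Univention code. It assumes a UCS host with univention-join and univention-lib installed; the schema path, the --packagename value and the resulting settings/ldapschema object name "univention-saml" are assumptions, not taken from the bug.

```shell
#!/bin/sh
# Added example: skeleton of a joinscript that registers an LDAP schema
# domainwide. Not the real 91univention-saml script; paths are assumed.
# Bumping VERSION is what makes univention-run-join-scripts re-execute the
# script on the Primary/Backup after an errata update.
VERSION=1

# Assumed location of the schema file shipped by univention-saml-schema.
SCHEMA_FILE="${SCHEMA_FILE:-/usr/share/univention-saml/schema/univention-saml.schema}"
# Assumption: ucs_registerLDAPExtension names the settings/ldapschema object
# after the schema file without its extension.
SCHEMA_NAME="${SCHEMA_NAME:-univention-saml}"

# Register the schema as an LDAP extension object. Once it is in LDAP every
# LDAP server in the domain loads it via the ldap_extension listener module,
# so slapd no longer depends on the schema file of the local package.
# "$@" forwards the --binddn/--bindpwdfile credentials that
# univention-run-join-scripts passes to every joinscript.
saml_schema_register() {
    . /usr/share/univention-join/joinscripthelper.lib
    . /usr/share/univention-lib/ldap.sh
    joinscript_init
    ucs_registerLDAPExtension "$@" --schema "$SCHEMA_FILE" \
        --packagename univention-saml-schema --packageversion "$VERSION"
    joinscript_save_current_version
}

# Check to run before purging univention-saml-schema on a Replica/Backup:
# returns 0 if the schema object exists in LDAP, 1 if it does not,
# 2 if there is no UDM CLI on this host (i.e. not a UCS system).
saml_schema_check() {
    command -v udm >/dev/null 2>&1 || return 2
    udm settings/ldapschema list --filter "name=$SCHEMA_NAME" | grep -q '^DN:'
}

# Only act as a joinscript when the UCS join libraries are present; elsewhere
# the functions are merely defined so the file can be sourced and inspected.
if [ -r /usr/share/univention-lib/ldap.sh ]; then
    saml_schema_register "$@"
fi
```

The check returns "not registered" whenever `udm settings/ldapschema list` prints no DN for the filter; a package purge on a host where that is the case would reproduce the slapd start failure the bug describes, so run it on the Primary first.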
OK - univention-saml 7.0.8-10
OK - yaml
OK - univention-saml not installed on slave, member
OK - univention-saml join automatically executed on primary and backup
OK - schema and udm stuff is registered
OK - update works (primary then backup, and vice versa or replica first)
OK - update to 5.2
<https://errata.software-univention.de/#/?erratum=5.0x881>