1. Summary Join script 70ucs-school-ldap-acls-master.inst fails during the update to UCS\@school 5.2 v4 due to the activation issue of the LDAP extension object 61ucsschool\_presettings. 2. Product and Version Product: UCS\@school Version: 5.2 v4 3. Component Join script: 70ucs-school-ldap-acls-master.inst 4. Description After updating to UCS\@school 5.2 v4, the join script 70ucs-school-ldap-acls-master.inst fails when trying to activate the LDAP extension object 61ucsschool\_presettings. 5. Steps to Reproduce and Root Cause ucr set ldap/refint=false univention-app update univention-app upgrade ucsschool=5.2v4 6. Logs and Evidence Relevant excerpts from /var/log/univention/join.log and /var/log/univention/listener.log show the error and slapd.conf validation failure. The join process fails with the following error message: ERROR: Primary Directory Node did not mark the extension object active within 180 seconds. ucs\_registerLDAPExtension: registration of /usr/share/ucs-school-ldap-acls-master/61ucsschool\_presettings failed. The listener log indicates slapd.conf validation failure due to a missing refint overlay: overlay "refint" not found slaptest: bad configuration file On systems originally installed with UCS 4 or earlier, the UCR variable ldap/refint may still be set to false. The default value true for this variable was introduced with UCS 5.0. This prevents the required refint overlay from being enabled during the join process. /var/log/univention/join.log RUNNING 70ucs-school-ldap-acls-master.inst 2025-09-04 10:22:10.024614571+02:00 (in joinscript_init) Object exists: cn=ucsschool,cn=groups,dc=univention-linux,dc=lokal Object exists: (group) The groupname is already in use as groupname or as username: DC-Verwaltungsnetz. Object exists: (group) The groupname is already in use as groupname or as username: Member-Verwaltungsnetz. Object exists: (group) The groupname is already in use as groupname or as username: DC-Edukativnetz. Object exists: (group) The groupname is already in use as groupname or as username: Member-Edukativnetz. Object exists: cn=ldapacl,cn=univention,dc=univention-linux,dc=lokal INFO: No change of core data of object 61ucsschool_presettings. No modification: cn=61ucsschool_presettings,cn=ldapacl,cn=univention,dc=univention-linux,dc=lokal Waiting for activation of the extension object 61ucsschool_presettings: ......................................................ERROR: Primary Directory Node did not mark the extension object active within 180 seconds. ERROR ucs_registerLDAPExtension: registraton of /usr/share/ucs-school-ldap-acls-master/61ucsschool_presettings failed. /var/log/univention/listener.log 04.09.25 10:22:14.227 LDAP ( PROCESS ) : connecting to ldap://server.univention-linux.lokal:7389 04.09.25 10:22:14.231 LISTENER ( PROCESS ) : updating 'cn=61ucsschool_presettings,cn=ldapacl,cn=univention,dc=univention-linux,dc=lokal' command m 04.09.25 10:22:14.232 LISTENER ( PROCESS ) : ldap_extension: cn=61ucsschool_presettings,cn=ldapacl,cn=univention,dc=univention-linux,dc=lokal active? [b'FALSE'] Multifile: /etc/ldap/slapd.conf 04.09.25 10:22:21.556 LISTENER ( ERROR ) : ldap_extension: slapd.conf validation failed: overlay "refint" not found slaptest: bad configuration file! . 04.09.25 10:22:21.655 LISTENER ( ERROR ) : ldap_extension: Removing new file /etc/univention/templates/files/etc/ldap/slapd.conf.d/61ucsschool_presettings. 04.09.25 10:22:21.655 LISTENER ( ERROR ) : ldap_extension: Restoring previous file /etc/univention/templates/files/etc/ldap/slapd.conf.d/61ucsschool_presettings. 04.09.25 10:22:21.655 LISTENER ( ERROR ) : ldap_extension: Restoring previous backlink file /etc/univention/templates/files/etc/ldap/slapd.conf.d/61ucsschool_presettings.info. 04.09.25 10:22:21.655 LISTENER ( ERROR ) : ldap_extension: Restoring previous UCR info file /etc/univention/templates/info/ldapacl_61ucsschool_presettings.info. Multifile: /etc/ldap/slapd.conf 7. Solution or Workaround Set the UCR variable ldap/refint to true on the DC Master: ucr set ldap/refint=true Then, re-run the join script: univention-run-join-scripts --run-scripts 70ucs-school-ldap-acls-master.inst
Knowledge base article: https://help.univention.com/t/problem-ucs-school-5-2-v4-join-fails-ldap-extension-61ucsschool-presettings-not-activated/24501
Fix is implemented in ucs-school-metapackage (16.0.0) and will run in our test env this night.
Looks good to me - A broken env is repaired by the update -> OK - Update is not broken for envs with ldap/refint=false anymore -> OK - yaml -> OK
Errata updates for UCS@school 5.2v4 have been released. https://docs.software-univention.de/ucsschool-changelog/5.2v4/en/changelog.html https://docs.software-univention.de/ucsschool-changelog/5.2v4/de/changelog.html If this error occurs again, please clone this bug.