Univention Bugzilla – Bug 42489
AD Connector: Remove conflict to slave
Last modified: 2016-09-28 14:05:26 CEST
"python-univention-connector" conflicts with "univention-server-slave". Therefore installing the AD Connector on a Slave removes "univention-server-slave". +++ This bug was initially created as a clone of Bug #41682 +++ Both python-univention-connector and univention-ad-connector-exchange depend on univention-server-master | univention-server-backup. At least for write-only-scenarios (UCS syncs in write-mode into MS AD), this is not needed and prevents certain scenarios, e.g. installing AD Connector on a UCS@school slave. Instead of cn=admin, the machine account of the Slave can be used to run the AD Connector: > ucr set connector/ldap/binddn="$(ucr get ldap/hostdn)" \ > connector/ldap/bindpwd='/etc/machine.secret' Removing the package dependency on univention-server-master | univention-server-backup would make more scenarios possible without the requirement to fork univention-ad-connector. Since these are special scenarios and not fitted for everyone, we might want to limit the possible server roles via App Center methods instead of debian package dependencies?
Fixed: 4.1-3: r72796 4.2-0: r72797 YAML: r72798 My tests on master, backup, slave and member were successful.
doesn't work for me on member (1) During UMC setuo i get the error "Creation of certificate failed (/etc/univention/ssl/WIN-M1LHUHEJFSI.w2k12.test)", Setup aborts, but subsequent configuration is possible (2) On member, ad-connector does not start -> class ad -> univention.connector.ucs.__init__ -> class ucs -> univention.admin.config.config() -> univention.admin.uldap.getBaseDN(host) # host is '' getBaseDN(host='localhost', ...): ... l = ldap.ldapobject.ReconnectLDAPObject(uri, trace_stack_limit=None) So during the ad connector start getBaseDN is called and here the method tries to open a ldap connection to localhost. This isn't going to work on a member. Or is there a special ad connector configuration needed?
Only the slave conflict needs to be removed.
I've re-added the member server conflict: r72850, r72851, r72852. Since it is already 'Forkd for project', I guess it is OK that the configuration has to be done this way.
OK - conflict to slave has been removed (connector on slave not tested) OK - yaml OK - merged to 4.2-0 fixed yaml - * The package conflict to the slave and member server role packages has + * The package conflict to the slave server role has r72856 r72857
(In reply to Felix Botner from comment #5) > fixed yaml > - * The package conflict to the slave and member server role packages has > + * The package conflict to the slave server role has Thanks!
<https://errata.software-univention.de/ucs/4.1/282.html>