Univention Bugzilla – Bug 46045
failed to create DC Slave (1) [E: Object exists: (uid) : oxs$]
Last modified: 2019-03-12 22:25:27 CET
Version: 4.2-3 errata256 (Lesum) Domain setup (this might take a while): failed to create DC Slave (1) [E: Object exists: (uid) : oxs$]
Reported again: Version: 4.2-3 errata310 (Lesum) Domain setup (this might take a while): failed to create DC Slave (1) [E: Object exists: (uid) : msg$]
Reported again: Version: 4.3-0 errata22 (Neustadt) Domäneneinrichtung (Dies kann einige Zeit dauern): failed to create Member Server (1) [E: Object exists: (uid) : slave$]
Version: 4.3-0 errata89 (Neustadt) Remark: Hi, this seems to be a chicken-egg-problem. I use UCS as domain controller for my home network. When I want to create a new VM I add a new computer in UCS so the VM has DNS/DHCP _before_ it can join the domain. Then I boot and install UCS on the VM and want to join as member server - joining complains that the entry already exists. Expectation: Joining warns about existing entry and asks if it should delete_conflicting_entry or retry. Thanks Traceback(d41d8cd98f00b204e9800998ecf8427e): Domain setup (this might take a while): failed to create Member Server (1) [E: Object exists: (mac) ***] Role: memberserver
The traceback from Comment 3 should have gone to Bug 42124. I've used the ticket to ask for additional information.
When clicking "NEXT" on the "Host settings" page, it will now be checked if the uid for the given host name already exists. univention-system-setup (11.0.5-13) 73dbb77c0df7 | Bug #46045: Merge branch 'rulmer/46045' into 4.3-1 108353ebdfce | Bug #46045: Add changelog entry 9ad54fc506b9 | Bug #46045: Check if uid is used in the system setup 282945b93dd6 | Bug #46045: Remove unreachable code 723e38e08d3c | Bug #46045: Add UMCP command for checking if uid already exists univention-system-setup.yaml e040c25e8482 | Bug #46045: Update yaml file
REOPEN: When the user chooses not to start the join at the end of the installation on the "Domain join information" page of the univention system setup, the user will get warned about the uid being used already. The test should be skipped in this case, because the domain administrator's credentials are not available.
univention-system-setup (11.0.5-15) 8acaf5a1f87a | Bug #46045: Don't try to run checks with master if not joining univention-system-setup.yaml 9cc498f4562e | Bug #46045: Update yaml file
I had broken the base system installation, so I fixed that. univention-system-setup (11.0.5-16) 20907d5f1c0b | Bug #46045: Merge branch 'rulmer/46045' into 4.3-1 bc067ba0e2be | Bug #46045: Fix validation page of base system installation univention-system-setup.yaml c8fafb0e3bc3 | Bug #46045: Update yaml file
I had broken the admember installation, so I fixed that. univention-system-setup (11.0.5-20) e52ed36928d6 | Bug #46045: Don't run duplicate uid check on admember univention-system-setup.yaml e84d1f8883c7 | Bug #46045: Update yaml file
I think we need to adjust this in the following two points: 1. make the check more precise, just checking the hostname will give false positives in UCS@school. It's ok if the hostname already exists, as long as the role matches. For Bug #42022 you implemented a -checkPrerequisites check for univention-join, I guess we should use something like that here too. 2. Re-think the error message from the point of view of a user. A user doesn't know why he gets a message like The uid 'newhostname$' is already used in the LDAP. I would rather say something like The hostname 'newhostname' already exists in the UCS domain. But this will have tho be adjusted anyway for point 1.
Regarding Point 1: This bug is closely related to Bug 42124 that's listed here under "See Also". The backend checks check_uid / check_if_uid_is_available need to be adjusted to match those checks: If a hostname already exists, then the role must match. (Additionally the mac address must not be assigned to a different host.)
I have (temporarily) reverted the changes, to make the errata release today possible. 54325227b3 Bug #46045: Revert yaml changes 8f175b4655 Bug #46045: Add changelog entry d14d00e237 Bug #46045: Temporarily revert all changes
It will now be checked if an existing LDAP-entry has the same role. No warning will be displayed if this is the case. I also reworded the warning. a4d40a276d Bug #46045: Add yaml entry b4e4012720 Bug #46045: Merge branch 'rulmer/46045' into 4.3-1 c7f71de94f Bug #46045: Add changelog entry a6cc2ce4c2 Bug #46045: Enable using a taken uid if the role is the same f92c1546fd Bug #46045: Re-apply previously reverted changes
As discussed, the univention-ssh tries to connect to the nameserver, but that may not be a UCS server, or it may not habe teh complete LDAP (UCS@school slave) and it may not have the credentials necessary for getAdminConnection(). Check out base/univention-lib/python/admember.py, where the python module "resolver" is used to lookup the _domaincontroller_master._tcp SRV record to find the name of the DC Master.
I have changed the server, to which a ssh connection is made, to the DC master. The name of the is already available in the front end, so I don't need to resolve the _domaincontroller_master._tcp SRV record. a985d589df Bug #46045: Update yaml file 00227117a2 Bug #46045: Add changelog entry 19993e6dc0 Bug #46045: Fix used address for the DC master
Created attachment 9643 [details] return_to_role_page.patch Ok, works, I would suggest the attached additional patch to make the "Adjust settings" choice actually return to the role selection page.
As discussed, I will not apply the patch, because the user is already on the page, where he can change the hostname, when pressing "Adjust settings". In order to comply with our coding style I have removed the bind() function, I had previously introduced. git commits (sorted from most recent to oldest): da0e05894f Bug #46045: Update yaml file a1f519f0bf Bug #46045: Add changelog entry d015cc2548 Bug #46045: Avoid using bind()
Ok, looks good.
<http://errata.software-univention.de/ucs/4.3/226.html>
Reported again: Version: 4.2-4 errata500 (Lesum) Domain setup (this might take a while): failed to create Member Server (1) [E: Object exists: (uid) : ucs-server02$]