Hi,
my issue after an Upgrade to 4.4-8 is pretty near to this:
Except in my case it is not the primary group missing but firstname and mailPrimaryAddress
Therefore Moritz’ solution does not work for me, these attributes simply don’t exist in “default”
univention-run-join-scripts --force --run-scripts 91univention-saml
univention-run-join-scripts: runs all join scripts existing on local computer.
copyright (c) 2001-2021 Univention GmbH, GermanyRunning pre-joinscripts hook(s): done
Running 91univention-saml.inst failed (exitcode: 3)
Running post-joinscripts hook(s): doneunivention-run-join-scripts started
So 8. Jan 11:41:23 CET 2023univention-join-hooks: looking for hook type “join/pre-joinscripts” on oxase.jaspers-rohrleitungsbau.local
Found hooks:RUNNING 91univention-saml.inst
2023-01-08 11:41:24.722984033+01:00 (in joinscript_init)
Not updating saml/idp/certificate/privatekey
Not updating saml/idp/certificate/certificate
Not updating saml/idp/entityID
Not updating ucs/server/sso/fqdn
File: /etc/apache2/sites-available/univention-saml.conf
Adding A record “ucs-sso 192.168.0.100” to zone jaspers-rohrleitungsbau.local…
done
08.01.23 11:41:26.626 DEBUG_INIT
E: Insufficient information: The following properties are missing:
firstname
mailPrimaryAddressJOINERR:FAILED: /usr/lib/univention-install/91univention-saml.inst
EXITCODE=3
0395e6e4-338b-4a2c-8a95-56d96264c16e
univention-join-hooks: looking for hook type “join/post-joinscripts” on oxase.jaspers-rohrleitungsbau.local
Found hooks:So 8. Jan 11:41:28 CET 2023
univention-run-join-scripts finished
I can’t continue with the update, but don’t know if that is really related.
When triggering the update to 4.4-9 i get
Checking LDAP schema: failed
ERROR: There is a problem with the LDAP schema on this system.
Please check /var/log/univention/updater.log or run ‘slapschema’ manually.
Error: Please check “/var/log/univention/updater.log” for details.
ERROR: update failed. Please check /var/log/univention/updater.logroot@oxase:~# slapschema
63baa592 /var/lib/univention-ldap/local-schema/oxforucs.schema: line 691 objectclass: AttributeType not found: “unrestrictedMailSize”
slapschema: bad configuration file!
So after this, slapd will refuse to start because of this (second) error.
I had to roll back to a snapshot.
As you might already know, i tend to oversee things inside univention systems sometimes, so i would be incredibly thankful, if anyone had an idea on how to solve this 
Thanks a ton
Sascha