Bug in univention-join


There got to be a bug in the univention-join script.

The folder “/etc/univention/ssl” is renamed during the domain join process.
Howeverin the download_host_certificate subroutin are the folder “/etc/univention/ssl/hosname.domainname” with the symbolic link “/etc/univention/ssl/hosname” never re-created.
The subsequent call to univention-scp is failing due to the missing folder and link.

I have added these lines at the start of the download_host_certificate subroutin.

mkdir “/etc/univention/ssl/$hostname.$domainname”
ln -s “/etc/univention/ssl/$hostname.$domainname” “/etc/univention/ssl/$hostname”

I am still not sure if this is the best location but it serves the purpose.



no, the join script is correct. A simplified view of what happens is:

[ul][li]An existing directory /etc/univention/ssl/ is renamed.[/li]
[li]The server account is created on the master.[/li]
[li]The directory listener process on the master creates both the directory with the slave’s fully qualified domain name as well as the symlink with just the host name. These files reside on the master.[/li]
[li]Both the directory with the fully qualified domain name and the symlink are copied from the master to the slave; this happens in the routine download_host_certificate inside /usr/sbin/univention-join. That routine won’t return until both the directory and the symlink exist.[/li][/ul]

Thanks for your reply.
After a week of trying to join a slave DC to the PDC it suddenly today worked as it should.
This is strange since I havn’t changed anything on the server and the slave is a bare-metal UCS mailserver.

What may have caused this?

Regards Bengt

No idea. You would have to look into the log files for such a failed join attempt.

All is working well now.
I would however suggest a time out in the download_host_certificate subroutin, as it was the univention-join script was stuck on the subroutin for 12 hours in my case until I forced a break.

I would assume that the directory listener process was never started or stuck on something on the server.

A timeout and a error message indicating the probable source of the problem would be helpful.

Regards Bengt