Error Domain Joining Fresh Replica Server

Hey there,

I’m having a lot of trouble trying to add another replica server into our domain.

This is a fresh install with no modifications.

It fails saying there is a failed.ldif file. I’ve tried the following help documents with no success:

This is part 1 (Rest in next comment, hit character limit) of the output of the join.log on the system attempting to join:

root@unassigned-hostname:~# cat /var/log/univention/join.log
Wed Oct 23 12:23:36 PDT 2024: starting /usr/sbin/univention-join -dcname ucs-master.int.example.net -dcaccount Administrator -dcpwd /var/cache/univention-system-setup/secret -checkPrerequisites
running version check
OK: UCS version on ucs-master.int.example.net is higher or equal (5.09) to the local version (5.09).
Check if /var/lib/univention-directory-replication/failed.ldif exists
Wed Oct 23 12:23:56 PDT 2024: finish /usr/sbin/univention-join
Wed Oct 23 12:28:31 PDT 2024: starting /usr/share/univention-join/univention-join -dcname ucs-master.int.example.net -dcaccount Administrator -dcpwd /tmp/tmp.PlbtXNnT6W
running version check
OK: UCS version on ucs-master.int.example.net is higher or equal (5.09) to the local version (5.09).
Check if /var/lib/univention-directory-replication/failed.ldif exists
Stopping slapd (via systemctl): slapd.service.
Starting slapd (via systemctl): slapd.service.
Wed Oct 23 12:29:00 PDT 2024
univention-join-hooks: looking for hook type "join/pre-join" on ucs-master.int.example.net
Found hooks:
  cn=ensure-minmum-ucs-version,cn=data,cn=univention,dc=int,dc=example,dc=net
Running: ensure-minmum-ucs-version (cn=ensure-minmum-ucs-version,cn=data,cn=univention,dc=int,dc=example,dc=net) in /tmp/tmp05cdhzlg/tmphoflp8zg
univention-server-join: joins a server to an univention domain
copyright (c) 2001-2024 Univention GmbH, Germany

ldap_dn="cn=oducs,cn=dc,cn=computers,dc=int,dc=example,dc=net"
Setting hostname
Create ldap/hostdn
File: /etc/libnss-ldap.conf
Multifile: /etc/postfix/ldap.groups
Multifile: /etc/apache2/sites-available/default-ssl.conf
File: /etc/mailname
File: /etc/cron.d/univention-directory-policy
File: /etc/hostname
Multifile: /etc/postfix/ldap.saslusermapping
Multifile: /etc/postfix/ldap.virtualdomains
Multifile: /etc/postfix/ldap.virtual_mailbox
Multifile: /etc/postfix/ldap.sharedfolderlocal_aliases
File: /etc/dhcp/dhclient.conf
Multifile: /etc/postfix/ldap.canonicalrecipient
Multifile: /etc/pam.d/univention-management-console
File: /etc/apache2/conf-available/ucs.conf
Multifile: /etc/postfix/ldap.distlist
Multifile: /etc/postfix/ldap.virtual
Multifile: /etc/postfix/main.cf
File: /usr/lib/univention-portal/config/config.json
Multifile: /etc/postfix/ldap.canonicalsender
Multifile: /etc/postfix/ldap.external_aliases
File: /etc/welcome.msg
File: /etc/pam_ldap.conf
File: /etc/apache2/sso-vhost.conf.d/01redirect.conf
Multifile: /etc/postfix/ldap.sharedfolderlocal
File: /etc/pam.d/smtp
Multifile: /etc/postfix/ldap.sharedfolderremote
File: /etc/issue
Multifile: /etc/postfix/ldap.transport
Multifile: /etc/ldap/slapd.conf
Multifile: /etc/hosts
File: /etc/default/univention-directory-listener
Multifile: /etc/postfix/ldap.virtualwithcanonical
Failed to stop univention-directory-notifier.service: Unit univention-directory-notifier.service not loaded.
Setting ldap/server/name
Setting ldap/server/ip
Not updating ldap/server/port
Create ldap/master
Create ldap/master/port
Setting ldap/server/type
File: /etc/libnss-ldap.conf
Multifile: /etc/postfix/ldap.canonicalrecipient
File: /etc/ldap/ldap.conf
File: /etc/krb5.conf
File: /etc/default/ntpdate
Multifile: /etc/postfix/ldap.virtual_mailbox
Multifile: /etc/postfix/ldap.virtual
Multifile: /etc/postfix/ldap.transport
File: /etc/pam_ldap.conf
Multifile: /etc/postfix/ldap.virtualdomains
File: /etc/nagios/nrpe.cfg
Multifile: /etc/postfix/ldap.canonicalsender
Multifile: /etc/postfix/ldap.virtualwithcanonical
File: /usr/lib/univention-portal/config/config.json
Multifile: /etc/postfix/ldap.saslusermapping
Multifile: /etc/postfix/ldap.distlist
Multifile: /etc/postfix/ldap.sharedfolderlocal_aliases
Multifile: /etc/ldap/slapd.conf
Multifile: /etc/postfix/ldap.sharedfolderlocal
File: /etc/ntp.conf
Multifile: /etc/postfix/ldap.groups
Multifile: /etc/postfix/ldap.external_aliases
File: /etc/init.d/slapd
File: /etc/pam.d/smtp
Multifile: /etc/postfix/ldap.sharedfolderremote
Clearing symlinks in /etc/ssl/certs...
done.
Updating certificates in /etc/ssl/certs...
138 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d...
done.
Download host certificate for oducs:Could not chdir to home directory /dev/null: Not a directory
Could not chdir to home directory /dev/null: Not a directory
Restarting slapd (via systemctl): slapd.serviceWarning: The unit file, source configuration file or drop-ins of slapd.service changed on disk. Run 'systemctl daemon-reload' to reload units.
.
Not updating ldap/server/name
Not updating ldap/master
23.10.24 12:29:47.947  DEBUG_INIT
23.10.24 12:29:47.991  DEBUG_EXIT
Setting kerberos/realm
File: /etc/krb5.conf
File: /etc/heimdal-kdc/kdc.conf
Setting windows/domain
File: /etc/krb5.conf
Create dns/forwarder1
File: /etc/bind/named.conf.proxy
File: /etc/bind/named.conf.samba4
Create dns/forwarder2
File: /etc/bind/named.conf.samba4
File: /etc/bind/named.conf.proxy
Create dns/forwarder3
File: /etc/bind/named.conf.samba4
File: /etc/bind/named.conf.proxy
Create ldap/database/mdb/maxsize
Multifile: /etc/ldap/slapd.conf
23.10.24 12:30:14.107  DEBUG_INIT
23.10.24 12:30:14.136  DEBUG_EXIT
23.10.24 12:30:14.331  DEBUG_INIT
23.10.24 12:30:14.333  DEBUG_EXIT
univention-join-hooks: looking for hook type "join/pre-joinscripts" on ucs-master.int.example.net
Found hooks:

Configure 01univention-ldap-server-init.inst Wed Oct 23 12:30:14 PDT 2024
2024-10-23 12:30:14.868895235-07:00 (in joinscript_init)
File: /var/lib/univention-ldap/translog/DB_CONFIG
Warning: The unit file, source configuration file or drop-ins of slapd.service changed on disk. Run 'systemctl daemon-reload' to reload units.
2024-10-23 12:30:16.291148930-07:00 (in joinscript_save_current_version)
Configure 03univention-directory-listener.inst Wed Oct 23 12:30:16 PDT 2024
2024-10-23 12:30:16.319048838-07:00 (in joinscript_init)
23.10.24 12:30:16.530  DEBUG_INIT
23.10.24 12:30:16.544  LDAP        ( PROCESS ) : connecting to ldap://ucs-master.int.example.net:7389
23.10.24 12:30:19.490  LISTENER    ( WARN    ) : handler: replication (not ready) (ignore)
Restarting slapd (via systemctl): slapd.serviceWarning: The unit file, source configuration file or drop-ins of slapd.service changed on disk. Run 'systemctl daemon-reload' to reload units.
.
23.10.24 12:30:20.751  LISTENER    ( WARN    ) : Set Schema ID to 54
23.10.24 12:30:20.751  LISTENER    ( WARN    ) : initializing module replication
File: /var/lib/univention-ldap/ldap/DB_CONFIG
slapd: no process found
File: /var/lib/univention-ldap/ldap/DB_CONFIG
Starting slapd (via systemctl): slapd.serviceWarning: The unit file, source configuration file or drop-ins of slapd.service changed on disk. Run 'systemctl daemon-reload' to reload units.
.
23.10.24 12:30:25.158  LISTENER    ( ERROR   ) : replication: No such object; dn="uid=ndew,cn=users,dc=int,dc=example,dc=net": Error
23.10.24 12:30:25.158  LISTENER    ( ERROR   ) :        machted dn: dc=int,dc=example,dc=net
23.10.24 12:30:42.510  LISTENER    ( WARN    ) : finished initializing module replication with rv=0
23.10.24 12:30:42.510  LISTENER    ( WARN    ) : initializing module ldap-cache-baa04df67e7af6bb0769f5cb7e72dba9
23.10.24 12:30:42.895  LISTENER    ( WARN    ) : finished initializing module ldap-cache-baa04df67e7af6bb0769f5cb7e72dba9 with rv=0
23.10.24 12:30:42.896  LISTENER    ( WARN    ) : initializing module nss
23.10.24 12:30:43.121  LISTENER    ( WARN    ) : finished initializing module nss with rv=0
23.10.24 12:30:43.121  LISTENER    ( WARN    ) : initializing module nfs-homes
23.10.24 12:30:43.184  LISTENER    ( WARN    ) : finished initializing module nfs-homes with rv=0
23.10.24 12:30:43.184  LISTENER    ( WARN    ) : initializing module license_uuid
Create license/base
Create uuid/license
File: /etc/apt/apt.conf.d/55user_agent
Module: univention_blog
File: /var/www/univention/meta.json
23.10.24 12:30:43.660  LISTENER    ( WARN    ) : finished initializing module license_uuid with rv=0
23.10.24 12:30:43.660  LISTENER    ( WARN    ) : initializing module univention-admin-diary-backend
23.10.24 12:30:43.740  LISTENER    ( WARN    ) : finished initializing module univention-admin-diary-backend with rv=0
23.10.24 12:30:43.741  LISTENER    ( WARN    ) : initializing module hosteddomains
23.10.24 12:30:43.801  LISTENER    ( WARN    ) : finished initializing module hosteddomains with rv=0
23.10.24 12:30:43.801  LISTENER    ( WARN    ) : initializing module ldap_extension
23.10.24 12:30:43.872  LISTENER    ( PROCESS ) : ldap_extension: cn=61guardian,cn=ldapacl,cn=univention,dc=int,dc=example,dc=net active? [b'TRUE']
Multifile: /etc/ldap/slapd.conf
23.10.24 12:30:46.099  LISTENER    ( PROCESS ) : ldap_extension: cn=59univention-radius,cn=ldapacl,cn=univention,dc=int,dc=example,dc=net active? [b'TRUE']
Multifile: /etc/ldap/slapd.conf
23.10.24 12:30:48.449  LISTENER    ( PROCESS ) : ldap_extension: cn=66univention-radius,cn=ldapacl,cn=univention,dc=int,dc=example,dc=net active? [b'TRUE']
Multifile: /etc/ldap/slapd.conf
23.10.24 12:30:50.889  LISTENER    ( PROCESS ) : ldap_extension: cn=62univention-portal,cn=ldapacl,cn=univention,dc=int,dc=example,dc=net active? [b'TRUE']
Multifile: /etc/ldap/slapd.conf
23.10.24 12:30:53.340  LISTENER    ( PROCESS ) : ldap_extension: cn=62univention-monitoring,cn=ldapacl,cn=univention,dc=int,dc=example,dc=net active? [b'TRUE']
Multifile: /etc/ldap/slapd.conf
23.10.24 12:30:55.773  LISTENER    ( PROCESS ) : ldap_extension: cn=66univention-appcenter_app,cn=ldapacl,cn=univention,dc=int,dc=example,dc=net active? [b'TRUE']
Multifile: /etc/ldap/slapd.conf
23.10.24 12:30:58.306  LISTENER    ( PROCESS ) : ldap_extension: cn=66univention-ldap-server_acl-master-uvmm,cn=ldapacl,cn=univention,dc=int,dc=example,dc=net active? [b'TRUE']
Multifile: /etc/ldap/slapd.conf
23.10.24 12:31:00.956  LISTENER    ( WARN    ) : finished initializing module ldap_extension with rv=0
23.10.24 12:31:00.956  LISTENER    ( WARN    ) : initializing module nagios-client
23.10.24 12:31:01.065  LISTENER    ( WARN    ) : finished initializing module nagios-client with rv=0
23.10.24 12:31:01.065  LISTENER    ( WARN    ) : initializing module univention-saml-servers
Create ucs/server/saml-idp-server/ucs-master.int.example.net
23.10.24 12:31:01.340  LISTENER    ( WARN    ) : finished initializing module univention-saml-servers with rv=0
23.10.24 12:31:01.340  LISTENER    ( WARN    ) : initializing module nscd_update
23.10.24 12:31:01.579  LISTENER    ( WARN    ) : finished initializing module nscd_update with rv=0
23.10.24 12:31:01.579  LISTENER    ( WARN    ) : initializing module keytab-member
23.10.24 12:31:01.641  LISTENER    ( WARN    ) : finished initializing module keytab-member with rv=0
23.10.24 12:31:01.641  LISTENER    ( WARN    ) : initializing module app_attributes
23.10.24 12:31:01.716  LISTENER    ( PROCESS ) : app_attributes: Gathering AppAttributes...
23.10.24 12:31:02.512  LISTENER    ( PROCESS ) : app_attributes: Finished
23.10.24 12:31:02.514  LISTENER    ( PROCESS ) : app_attributes: Gathering AppAttributes...
23.10.24 12:31:02.855  LISTENER    ( PROCESS ) : app_attributes: Finished
23.10.24 12:31:02.857  LISTENER    ( PROCESS ) : app_attributes: Gathering AppAttributes...
23.10.24 12:31:03.216  LISTENER    ( PROCESS ) : app_attributes: Finished
23.10.24 12:31:03.217  LISTENER    ( PROCESS ) : app_attributes: Gathering AppAttributes...
23.10.24 12:31:03.557  LISTENER    ( PROCESS ) : app_attributes: Finished
23.10.24 12:31:03.558  LISTENER    ( PROCESS ) : app_attributes: Gathering AppAttributes...
23.10.24 12:31:03.897  LISTENER    ( PROCESS ) : app_attributes: Finished
23.10.24 12:31:03.899  LISTENER    ( PROCESS ) : app_attributes: Gathering AppAttributes...
23.10.24 12:31:04.236  LISTENER    ( PROCESS ) : app_attributes: Finished
23.10.24 12:31:04.237  LISTENER    ( PROCESS ) : app_attributes: Gathering AppAttributes...
23.10.24 12:31:04.601  LISTENER    ( PROCESS ) : app_attributes: Finished
23.10.24 12:31:04.602  LISTENER    ( PROCESS ) : app_attributes: Gathering AppAttributes...
23.10.24 12:31:04.931  LISTENER    ( PROCESS ) : app_attributes: Finished
23.10.24 12:31:04.933  LISTENER    ( PROCESS ) : app_attributes: Gathering AppAttributes...
23.10.24 12:31:05.295  LISTENER    ( PROCESS ) : app_attributes: Finished
23.10.24 12:31:05.296  LISTENER    ( PROCESS ) : app_attributes: Gathering AppAttributes...
23.10.24 12:31:05.634  LISTENER    ( PROCESS ) : app_attributes: Finished
23.10.24 12:31:05.635  LISTENER    ( PROCESS ) : app_attributes: Gathering AppAttributes...
23.10.24 12:31:05.985  LISTENER    ( PROCESS ) : app_attributes: Finished
23.10.24 12:31:05.986  LISTENER    ( PROCESS ) : app_attributes: Gathering AppAttributes...
23.10.24 12:31:06.346  LISTENER    ( PROCESS ) : app_attributes: Finished
23.10.24 12:31:06.348  LISTENER    ( PROCESS ) : app_attributes: Gathering AppAttributes...
23.10.24 12:31:06.701  LISTENER    ( PROCESS ) : app_attributes: Finished
23.10.24 12:31:06.702  LISTENER    ( PROCESS ) : app_attributes: Gathering AppAttributes...
23.10.24 12:31:07.054  LISTENER    ( PROCESS ) : app_attributes: Finished
23.10.24 12:31:07.056  LISTENER    ( PROCESS ) : app_attributes: Gathering AppAttributes...
23.10.24 12:31:07.418  LISTENER    ( PROCESS ) : app_attributes: Finished
23.10.24 12:31:07.419  LISTENER    ( PROCESS ) : app_attributes: Gathering AppAttributes...
23.10.24 12:31:07.767  LISTENER    ( PROCESS ) : app_attributes: Finished
23.10.24 12:31:07.768  LISTENER    ( PROCESS ) : app_attributes: Gathering AppAttributes...
23.10.24 12:31:08.111  LISTENER    ( PROCESS ) : app_attributes: Finished
23.10.24 12:31:08.112  LISTENER    ( PROCESS ) : app_attributes: Gathering AppAttributes...
23.10.24 12:31:08.446  LISTENER    ( PROCESS ) : app_attributes: Finished
23.10.24 12:31:08.448  LISTENER    ( PROCESS ) : app_attributes: Gathering AppAttributes...
23.10.24 12:31:08.800  LISTENER    ( PROCESS ) : app_attributes: Finished
23.10.24 12:31:08.802  LISTENER    ( PROCESS ) : app_attributes: Gathering AppAttributes...
23.10.24 12:31:09.161  LISTENER    ( PROCESS ) : app_attributes: Finished
23.10.24 12:31:09.162  LISTENER    ( PROCESS ) : app_attributes: Gathering AppAttributes...
23.10.24 12:31:09.516  LISTENER    ( PROCESS ) : app_attributes: Finished
23.10.24 12:31:09.517  LISTENER    ( PROCESS ) : app_attributes: Gathering AppAttributes...
23.10.24 12:31:09.889  LISTENER    ( PROCESS ) : app_attributes: Finished
23.10.24 12:31:09.890  LISTENER    ( PROCESS ) : app_attributes: Gathering AppAttributes...
23.10.24 12:31:10.262  LISTENER    ( PROCESS ) : app_attributes: Finished
23.10.24 12:31:10.263  LISTENER    ( PROCESS ) : app_attributes: Gathering AppAttributes...
23.10.24 12:31:10.621  LISTENER    ( PROCESS ) : app_attributes: Finished
23.10.24 12:31:10.623  LISTENER    ( PROCESS ) : app_attributes: Gathering AppAttributes...
23.10.24 12:31:10.995  LISTENER    ( PROCESS ) : app_attributes: Finished
23.10.24 12:31:10.997  LISTENER    ( PROCESS ) : app_attributes: Gathering AppAttributes...
23.10.24 12:31:11.358  LISTENER    ( PROCESS ) : app_attributes: Finished
23.10.24 12:31:11.360  LISTENER    ( PROCESS ) : app_attributes: Gathering AppAttributes...
23.10.24 12:31:11.708  LISTENER    ( PROCESS ) : app_attributes: Finished
23.10.24 12:31:11.710  LISTENER    ( PROCESS ) : app_attributes: Gathering AppAttributes...
23.10.24 12:31:12.035  LISTENER    ( PROCESS ) : app_attributes: Finished
23.10.24 12:31:12.036  LISTENER    ( PROCESS ) : app_attributes: Gathering AppAttributes...
23.10.24 12:31:12.376  LISTENER    ( PROCESS ) : app_attributes: Finished
23.10.24 12:31:12.377  LISTENER    ( PROCESS ) : app_attributes: Gathering AppAttributes...
23.10.24 12:31:12.719  LISTENER    ( PROCESS ) : app_attributes: Finished
23.10.24 12:31:12.720  LISTENER    ( PROCESS ) : app_attributes: Gathering AppAttributes...
23.10.24 12:31:13.062  LISTENER    ( PROCESS ) : app_attributes: Finished
23.10.24 12:31:13.063  LISTENER    ( WARN    ) : finished initializing module app_attributes with rv=0
23.10.24 12:31:13.063  LISTENER    ( WARN    ) : initializing module udm_extension
23.10.24 12:31:19.700  LISTENER    ( WARN    ) : finished initializing module udm_extension with rv=0
23.10.24 12:31:19.700  LISTENER    ( WARN    ) : initializing module ldap_server
Setting ldap/master
Setting kerberos/adminserver
File: /etc/krb5.conf
File: /etc/default/ntpdate
Multifile: /etc/ldap/slapd.conf
File: /etc/ntp.conf
File: /etc/nagios/nrpe.cfg
23.10.24 12:31:22.858  LISTENER    ( WARN    ) : finished initializing module ldap_server with rv=0
23.10.24 12:31:22.858  LISTENER    ( WARN    ) : initializing module portal_server
23.10.24 12:31:22.946  LISTENER    ( PROCESS ) : Updating portal. Reason: ldap:folder:cn=help,cn=folder,cn=portals,cn=univention,dc=int,dc=example,dc=net
23.10.24 12:31:23.142  LISTENER    ( PROCESS ) : Updating portal. Reason: ldap:portal:cn=local,cn=portal,cn=portals,cn=univention,dc=int,dc=example,dc=net
23.10.24 12:31:23.341  LISTENER    ( PROCESS ) : Updating portal. Reason: ldap:portal:cn=domain,cn=portal,cn=portals,cn=univention,dc=int,dc=example,dc=net
23.10.24 12:31:23.537  LISTENER    ( PROCESS ) : Updating portal. Reason: ldap:entry:cn=umc-local,cn=entry,cn=portals,cn=univention,dc=int,dc=example,dc=net
23.10.24 12:31:23.735  LISTENER    ( PROCESS ) : Updating portal. Reason: ldap:entry:cn=login-ucs,cn=entry,cn=portals,cn=univention,dc=int,dc=example,dc=net
23.10.24 12:31:23.933  LISTENER    ( PROCESS ) : Updating portal. Reason: ldap:entry:cn=root-cert,cn=entry,cn=portals,cn=univention,dc=int,dc=example,dc=net
23.10.24 12:31:24.131  LISTENER    ( PROCESS ) : Updating portal. Reason: ldap:entry:cn=umc-domain,cn=entry,cn=portals,cn=univention,dc=int,dc=example,dc=net
23.10.24 12:31:24.327  LISTENER    ( PROCESS ) : Updating portal. Reason: ldap:entry:cn=login-saml,cn=entry,cn=portals,cn=univention,dc=int,dc=example,dc=net
23.10.24 12:31:24.522  LISTENER    ( PROCESS ) : Updating portal. Reason: ldap:entry:cn=self-service,cn=entry,cn=portals,cn=univention,dc=int,dc=example,dc=net
23.10.24 12:31:24.719  LISTENER    ( PROCESS ) : Updating portal. Reason: ldap:folder:cn=certificates,cn=folder,cn=portals,cn=univention,dc=int,dc=example,dc=net
23.10.24 12:31:24.918  LISTENER    ( PROCESS ) : Updating portal. Reason: ldap:portal:cn=self-service,cn=portal,cn=portals,cn=univention,dc=int,dc=example,dc=net
23.10.24 12:31:25.118  LISTENER    ( PROCESS ) : Updating portal. Reason: ldap:entry:cn=univentionblog,cn=entry,cn=portals,cn=univention,dc=int,dc=example,dc=net
23.10.24 12:31:25.317  LISTENER    ( PROCESS ) : Updating portal. Reason: ldap:category:cn=local-admin,cn=category,cn=portals,cn=univention,dc=int,dc=example,dc=net
23.10.24 12:31:25.514  LISTENER    ( PROCESS ) : Updating portal. Reason: ldap:category:cn=domain-admin,cn=category,cn=portals,cn=univention,dc=int,dc=example,dc=net
23.10.24 12:31:25.711  LISTENER    ( PROCESS ) : Updating portal. Reason: ldap:entry:cn=univentionforum,cn=entry,cn=portals,cn=univention,dc=int,dc=example,dc=net
23.10.24 12:31:25.908  LISTENER    ( PROCESS ) : Updating portal. Reason: ldap:category:cn=domain-service,cn=category,cn=portals,cn=univention,dc=int,dc=example,dc=net
23.10.24 12:31:26.105  LISTENER    ( PROCESS ) : Updating portal. Reason: ldap:entry:cn=univentionwebsite,cn=entry,cn=portals,cn=univention,dc=int,dc=example,dc=net
23.10.24 12:31:26.302  LISTENER    ( PROCESS ) : Updating portal. Reason: ldap:entry:cn=univentionfeedback,cn=entry,cn=portals,cn=univention,dc=int,dc=example,dc=net
23.10.24 12:31:26.496  LISTENER    ( PROCESS ) : Updating portal. Reason: ldap:entry:cn=ucs-local-to-domain,cn=entry,cn=portals,cn=univention,dc=int,dc=example,dc=net
23.10.24 12:31:26.693  LISTENER    ( PROCESS ) : Updating portal. Reason: ldap:entry:cn=certificate-revocation,cn=entry,cn=portals,cn=univention,dc=int,dc=example,dc=net
23.10.24 12:31:26.890  LISTENER    ( PROCESS ) : Updating portal. Reason: ldap:entry:cn=self-service-my-profile,cn=entry,cn=portals,cn=univention,dc=int,dc=example,dc=net
23.10.24 12:31:27.085  LISTENER    ( PROCESS ) : Updating portal. Reason: ldap:category:cn=self-service-profile,cn=category,cn=portals,cn=univention,dc=int,dc=example,dc=net
23.10.24 12:31:27.283  LISTENER    ( PROCESS ) : Updating portal. Reason: ldap:category:cn=self-service-password,cn=category,cn=portals,cn=univention,dc=int,dc=example,dc=net
23.10.24 12:31:27.481  LISTENER    ( PROCESS ) : Updating portal. Reason: ldap:entry:cn=self-service-create-account,cn=entry,cn=portals,cn=univention,dc=int,dc=example,dc=net
23.10.24 12:31:27.676  LISTENER    ( PROCESS ) : Updating portal. Reason: ldap:entry:cn=self-service-verify-account,cn=entry,cn=portals,cn=univention,dc=int,dc=example,dc=net
23.10.24 12:31:27.871  LISTENER    ( PROCESS ) : Updating portal. Reason: ldap:category:cn=self-service-new-account,cn=category,cn=portals,cn=univention,dc=int,dc=example,dc=net
23.10.24 12:31:28.070  LISTENER    ( PROCESS ) : Updating portal. Reason: ldap:entry:cn=self-service-protect-account,cn=entry,cn=portals,cn=univention,dc=int,dc=example,dc=net
23.10.24 12:31:28.267  LISTENER    ( PROCESS ) : Updating portal. Reason: ldap:entry:cn=self-service-password-change,cn=entry,cn=portals,cn=univention,dc=int,dc=example,dc=net
23.10.24 12:31:28.464  LISTENER    ( PROCESS ) : Updating portal. Reason: ldap:entry:cn=self-service-password-forgotten,cn=entry,cn=portals,cn=univention,dc=int,dc=example,dc=net
23.10.24 12:31:28.660  LISTENER    ( PROCESS ) : Updating portal. Reason: ldap:entry:cn=self-service-service-specific-passwords,cn=entry,cn=portals,cn=univention,dc=int,dc=example,dc=net
23.10.24 12:31:28.857  LISTENER    ( WARN    ) : finished initializing module portal_server with rv=0
23.10.24 12:31:28.857  LISTENER    ( WARN    ) : initializing module monitoring-client
23.10.24 12:31:29.590  LISTENER    ( WARN    ) : finished initializing module monitoring-client with rv=0
23.10.24 12:31:29.590  LISTENER    ( WARN    ) : initializing module faillog
23.10.24 12:31:30.370  LISTENER    ( WARN    ) : finished initializing module faillog with rv=0
23.10.24 12:31:30.370  LISTENER    ( WARN    ) : initializing module pkgdb-watch
23.10.24 12:31:30.445  LISTENER    ( WARN    ) : finished initializing module pkgdb-watch with rv=0
23.10.24 12:31:30.445  LISTENER    ( WARN    ) : initializing module keytab
23.10.24 12:31:30.511  LISTENER    ( PROCESS ) : Exporting /etc/krb5.keytab on domaincontroller_slave
kadmin: ext host/oducs.int.example.net@INT.example.NET: Principal does not exist
23.10.24 12:31:30.539  LISTENER    ( WARN    ) : finished initializing module keytab with rv=0
23.10.24 12:31:30.539  LISTENER    ( WARN    ) : initializing module nfs-shares
23.10.24 12:31:30.540  LISTENER    ( PROCESS ) : Writing /etc/exports with 10 lines
23.10.24 12:31:30.617  LISTENER    ( WARN    ) : finished initializing module nfs-shares with rv=0
23.10.24 12:31:30.618  LISTENER    ( WARN    ) : initializing module umc-service-providers
Create umc/saml/trusted/sp/mrucs.int.example.net
Create ldap/server/sasl/oauthbearer/trusted-authorized-party/mrucs.int.example.net
Multifile: /etc/pam.d/univention-management-console
File: /etc/ldap/sasl2/slapd.conf
Create umc/saml/trusted/sp/pnucs.int.example.net
Create ldap/server/sasl/oauthbearer/trusted-authorized-party/pnucs.int.example.net
Multifile: /etc/pam.d/univention-management-console
File: /etc/ldap/sasl2/slapd.conf
Create umc/saml/trusted/sp/khucs.int.example.net
Create ldap/server/sasl/oauthbearer/trusted-authorized-party/khucs.int.example.net
Multifile: /etc/pam.d/univention-management-console
File: /etc/ldap/sasl2/slapd.conf
Create umc/saml/trusted/sp/vhucs.int.example.net
Create ldap/server/sasl/oauthbearer/trusted-authorized-party/vhucs.int.example.net
Multifile: /etc/pam.d/univention-management-console
File: /etc/ldap/sasl2/slapd.conf
Create umc/saml/trusted/sp/wcucs.int.example.net
Create ldap/server/sasl/oauthbearer/trusted-authorized-party/wcucs.int.example.net
Multifile: /etc/pam.d/univention-management-console
File: /etc/ldap/sasl2/slapd.conf
Create umc/saml/trusted/sp/ucs-master.int.example.net
Create ldap/server/sasl/oauthbearer/trusted-authorized-party/ucs-master.int.example.net
Multifile: /etc/pam.d/univention-management-console
File: /etc/ldap/sasl2/slapd.conf
23.10.24 12:31:35.036  LISTENER    ( WARN    ) : finished initializing module umc-service-providers with rv=0
23.10.24 12:31:35.036  LISTENER    ( WARN    ) : initializing module bind
23.10.24 12:31:35.130  LISTENER    ( WARN    ) : finished initializing module bind with rv=0
23.10.24 12:31:35.130  LISTENER    ( WARN    ) : initializing module gencertificate
23.10.24 12:31:35.215  LISTENER    ( WARN    ) : finished initializing module gencertificate with rv=0
23.10.24 12:31:35.215  LISTENER    ( WARN    ) : initializing module well-known-sid-name-mapping
23.10.24 12:31:36.127  LISTENER    ( PROCESS ) : well-known-sid-name-mapping: ucr set 

Any ideas on how I can get the join to complete?

Thank you 🙂
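
An added triage example (not part of the original post and not Univention code): it reduces a listener log in the format posted in this thread to its ERROR lines, failed handlers, kadmin messages and de-duplicated traceback endings, so repeated tracebacks collapse to one counted entry. The sample input is constructed from lines in the thread with the tracebacks shortened; `triage` and the report field names are assumptions of this example.

```python
import re
from collections import Counter

# Constructed sample: lines taken from the join.log excerpts in this thread, with
# each traceback shortened to two frames and the last one cut off, as in the post.
SAMPLE_LOG = """\
23.10.24 12:30:19.490  LISTENER    ( WARN    ) : handler: replication (not ready) (ignore)
23.10.24 12:30:25.158  LISTENER    ( ERROR   ) : replication: No such object; dn="uid=ndew,cn=users,dc=int,dc=example,dc=net": Error
23.10.24 12:30:42.510  LISTENER    ( WARN    ) : finished initializing module replication with rv=0
kadmin: ext host/oducs.int.example.net@INT.example.NET: Principal does not exist
23.10.24 12:31:41.143  LISTENER    ( WARN    ) : initializing module quota
Traceback (most recent call last):
  File "/usr/lib/univention-directory-listener/system/quota.py", line 212, in handler
    if _is_container_change_relevant(new, old):
  File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 313, in _ldap_call
    result = func(*args,**kwargs)
ldap.INVALID_CREDENTIALS: {'desc': 'Invalid credentials'}
23.10.24 12:31:41.277  LISTENER    ( WARN    ) : handler: quota (failed)
Traceback (most recent call last):
  File "/usr/lib/univention-directory-listener/system/quota.py", line 212, in handler
    if _is_container_change_relevant(new, old):
  File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 313, in _ldap_call
    result = func(*args,**kwargs)
ldap.INVALID_CREDENTIALS: {'desc': 'Invalid credentials'}
23.10.24 12:31:41.292  LISTENER    ( WARN    ) : handler: quota (failed)
Traceback (most recent call last):
  File "/usr/lib/univention-directory-listener/system/quota.py", line 212, in handler
"""

# "DD.MM.YY HH:MM:SS.mmm  SOURCE  ( LEVEL ) : message", as seen in the posted log.
LISTENER_RE = re.compile(
    r"^(?P<ts>\d{2}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}\.\d{3})\s+"
    r"(?P<src>\w+)\s+\(\s*(?P<level>\w+)\s*\)\s*:\s*(?P<msg>.*)$"
)
HANDLER_FAILED_RE = re.compile(r"^handler: (?P<name>\S+) \(failed\)$")
MODULE_RV_RE = re.compile(
    r"^finished initializing module (?P<name>\S+) with rv=(?P<rv>-?\d+)$"
)
FRAME_RE = re.compile(r'^\s+File "(?P<file>[^"]+)", line \d+, in ')
EXC_RE = re.compile(r"^[A-Za-z_][\w.]*: .*$")
TRACEBACK_START = "Traceback (most recent call last):"


def triage(text):
    """Summarise a listener/join log; returns a dict of findings."""
    report = {
        "listener_errors": [],         # (timestamp, message) of ERROR-level lines
        "failed_handlers": Counter(),  # handler name -> count of "(failed)" lines
        "exceptions": Counter(),       # (first frame file, exception line) -> count
        "nonzero_rv": [],              # (module, rv) where initialization rv != 0
        "kadmin": [],                  # kadmin output lines, kept verbatim
        "truncated_tracebacks": 0,     # tracebacks with no exception line
    }
    in_tb, origin = False, None
    for line in text.splitlines():
        if line.startswith(TRACEBACK_START):
            if in_tb:  # previous traceback never reached its exception line
                report["truncated_tracebacks"] += 1
            in_tb, origin = True, None
            continue
        if in_tb:
            if line[:1].isspace():  # frame or source line inside the traceback
                frame = FRAME_RE.match(line)
                if frame and origin is None:
                    origin = frame.group("file")
                continue
            in_tb = False
            if EXC_RE.match(line):  # first unindented line is the exception
                report["exceptions"][(origin, line.strip())] += 1
                continue
            report["truncated_tracebacks"] += 1  # cut off; parse line normally
        entry = LISTENER_RE.match(line)
        if not entry:
            if line.startswith("kadmin:"):
                report["kadmin"].append(line)
            continue
        msg = entry.group("msg")
        if entry.group("level") == "ERROR":
            report["listener_errors"].append((entry.group("ts"), msg))
        failed = HANDLER_FAILED_RE.match(msg)
        if failed:
            report["failed_handlers"][failed.group("name")] += 1
        done = MODULE_RV_RE.match(msg)
        if done and done.group("rv") != "0":
            report["nonzero_rv"].append((done.group("name"), int(done.group("rv"))))
    if in_tb:  # log ended in the middle of a traceback
        report["truncated_tracebacks"] += 1
    return report


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for ts, msg in result["listener_errors"]:
        print("ERROR", ts, msg)
    for (origin, exc), count in result["exceptions"].items():
        print(f"{count}x {exc} (first frame: {origin})")
    print("failed handlers:", dict(result["failed_handlers"]))
    print("kadmin:", result["kadmin"])
    print("truncated tracebacks:", result["truncated_tracebacks"])
```
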

Part 2 of join.log

groups/default/printoperators=Printer-Admins
Create groups/default/printoperators
File: /etc/security/access-passwd.conf
File: /etc/security/access-login.conf
File: /etc/security/access-su.conf
File: /etc/security/access-sshd.conf
File: /etc/security/access-sudo.conf
File: /etc/security/access-screen.conf
Multifile: /etc/ldap/slapd.conf
File: /etc/security/limits.conf
File: /etc/security/access-cron.conf
File: /etc/security/access-rlogin.conf
File: /etc/security/access-chfn.conf
File: /etc/security/access-other.conf
File: /etc/security/access-ppp.conf
File: /etc/security/access-chsh.conf
File: /etc/security/access-rsh.conf
23.10.24 12:31:40.898  LISTENER    ( WARN    ) : finished initializing module well-known-sid-name-mapping with rv=0
23.10.24 12:31:40.898  LISTENER    ( WARN    ) : initializing module portal_groups
23.10.24 12:31:41.143  LISTENER    ( WARN    ) : finished initializing module portal_groups with rv=0
23.10.24 12:31:41.143  LISTENER    ( WARN    ) : initializing module quota
Traceback (most recent call last):
  File "/usr/lib/univention-directory-listener/system/quota.py", line 212, in handler
    if _is_container_change_relevant(new, old):
  File "/usr/lib/univention-directory-listener/system/quota.py", line 139, in _is_container_change_relevant
    lo = _get_ldap_connection()
  File "/usr/lib/univention-directory-listener/system/quota.py", line 123, in _get_ldap_connection
    connection = univention.uldap.getMachineConnection(ldap_master=False)
  File "/usr/lib/python3/dist-packages/univention/uldap.py", line 204, in getMachineConnection
    return access(host=server, port=port, base=ucr['ldap/base'], binddn=ucr['ldap/hostdn'], bindpw=bindpw, start_tls=start_tls, decode_ignorelist=decode_ignorelist, reconnect=reconnect)
  File "/usr/lib/python3/dist-packages/univention/uldap.py", line 303, in __init__
    self.__open(ca_certfile)
  File "/usr/lib/python3/dist-packages/univention/uldap.py", line 405, in __open
    self.bind(self.binddn, self.bindpw)
  File "/usr/lib/python3/dist-packages/univention/uldap.py", line 220, in _decorated
    return func(self, *args, **kwargs)
  File "/usr/lib/python3/dist-packages/univention/uldap.py", line 317, in bind
    self.lo.simple_bind_s(self.binddn, self.bindpw)
  File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 1215, in simple_bind_s
    res = self._apply_method_s(SimpleLDAPObject.simple_bind_s,*args,**kwargs)
  File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 1197, in _apply_method_s
    return func(self,*args,**kwargs)
  File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 444, in simple_bind_s
    resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
  File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 749, in result3
    resp_ctrl_classes=resp_ctrl_classes
  File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 756, in result4
    ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
  File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 329, in _ldap_call
    reraise(exc_type, exc_value, exc_traceback)
  File "/usr/lib/python3/dist-packages/ldap/compat.py", line 44, in reraise
    raise exc_value
  File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 313, in _ldap_call
    result = func(*args,**kwargs)
ldap.INVALID_CREDENTIALS: {'desc': 'Invalid credentials'}
23.10.24 12:31:41.277  LISTENER    ( WARN    ) : handler: quota (failed)
Traceback (most recent call last):
  File "/usr/lib/univention-directory-listener/system/quota.py", line 212, in handler
    if _is_container_change_relevant(new, old):
  File "/usr/lib/univention-directory-listener/system/quota.py", line 139, in _is_container_change_relevant
    lo = _get_ldap_connection()
  File "/usr/lib/univention-directory-listener/system/quota.py", line 123, in _get_ldap_connection
    connection = univention.uldap.getMachineConnection(ldap_master=False)
  File "/usr/lib/python3/dist-packages/univention/uldap.py", line 204, in getMachineConnection
    return access(host=server, port=port, base=ucr['ldap/base'], binddn=ucr['ldap/hostdn'], bindpw=bindpw, start_tls=start_tls, decode_ignorelist=decode_ignorelist, reconnect=reconnect)
  File "/usr/lib/python3/dist-packages/univention/uldap.py", line 303, in __init__
    self.__open(ca_certfile)
  File "/usr/lib/python3/dist-packages/univention/uldap.py", line 405, in __open
    self.bind(self.binddn, self.bindpw)
  File "/usr/lib/python3/dist-packages/univention/uldap.py", line 220, in _decorated
    return func(self, *args, **kwargs)
  File "/usr/lib/python3/dist-packages/univention/uldap.py", line 317, in bind
    self.lo.simple_bind_s(self.binddn, self.bindpw)
  File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 1215, in simple_bind_s
    res = self._apply_method_s(SimpleLDAPObject.simple_bind_s,*args,**kwargs)
  File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 1197, in _apply_method_s
    return func(self,*args,**kwargs)
  File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 444, in simple_bind_s
    resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
  File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 749, in result3
    resp_ctrl_classes=resp_ctrl_classes
  File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 756, in result4
    ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
  File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 329, in _ldap_call
    reraise(exc_type, exc_value, exc_traceback)
  File "/usr/lib/python3/dist-packages/ldap/compat.py", line 44, in reraise
    raise exc_value
  File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 313, in _ldap_call
    result = func(*args,**kwargs)
ldap.INVALID_CREDENTIALS: {'desc': 'Invalid credentials'}
23.10.24 12:31:41.292  LISTENER    ( WARN    ) : handler: quota (failed)
Traceback (most recent call last):
  File "/usr/lib/univention-directory-listener/system/quota.py", line 212, in handler
    if _is_container_change_relevant(new, old):
  File "/usr/lib/univention-directory-listener/system/quota.py", line 139, in _is_container_change_relevant
    lo = _get_ldap_connection()
  File "/usr/lib/univention-directory-listener/system/quota.py", line 123, in _get_ldap_connection
    connection = univention.uldap.getMachineConnection(ldap_master=False)
  File "/usr/lib/python3/dist-packages/univention/uldap.py", line 204, in getMachineConnection
    return access(host=server, port=port, base=ucr['ldap/base'], binddn=ucr['ldap/hostdn'], bindpw=bindpw, start_tls=start_tls, decode_ignorelist=decode_ignorelist, reconnect=reconnect)
  File "/usr/lib/python3/dist-packages/univention/uldap.py", line 303, in __init__
    self.__open(ca_certfile)
  File "/usr/lib/python3/dist-packages/univention/uldap.py", line 405, in __open
    self.bind(self.binddn, self.bindpw)
  File "/usr/lib/python3/dist-packages/univention/uldap.py", line 220, in _decorated
    return func(self, *args, **kwargs)
  File "/usr/lib/python3/dist-packages/univention/uldap.py", line 317, in bind
    self.lo.simple_bind_s(self.binddn, self.bindpw)
  File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 1215, in simple_bind_s
    res = self._apply_method_s(SimpleLDAPObject.simple_bind_s,*args,**kwargs)
  File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 1197, in _apply_method_s
    return func(self,*args,**kwargs)
  File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 444, in simple_bind_s
    resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
  File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 749, in result3
    resp_ctrl_classes=resp_ctrl_classes
  File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 756, in result4
    ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
  File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 329, in _ldap_call
    reraise(exc_type, exc_value, exc_traceback)
  File "/usr/lib/python3/dist-packages/ldap/compat.py", line 44, in reraise
    raise exc_value
  File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 313, in _ldap_call
    result = func(*args,**kwargs)
ldap.INVALID_CREDENTIALS: {'desc': 'Invalid credentials'}
23.10.24 12:31:41.304  LISTENER    ( WARN    ) : handler: quota (failed)
Traceback (most recent call last):
  File "/usr/lib/univention-directory-listener/system/quota.py", line 212, in handler
    if _is_container_change_relevant(new, old):
  File "/usr/lib/univention-directory-listener/system/quota.py", line 139, in _is_container_change_relevant
    lo = _get_ldap_connection()
  File "/usr/lib/univention-directory-listener/system/quota.py", line 123, in _get_ldap_connection
    connection = univention.uldap.getMachineConnection(ldap_master=False)
  File "/usr/lib/python3/dist-packages/univention/uldap.py", line 204, in getMachineConnection
    return access(host=server, port=port, base=ucr['ldap/base'], binddn=ucr['ldap/hostdn'], bindpw=bindpw, start_tls=start_tls, decode_ignorelist=decode_ignorelist, reconnect=reconnect)
  File "/usr/lib/python3/dist-packages/univention/uldap.py", line 303, in __init__
    self.__open(ca_certfile)
  File "/usr/lib/python3/dist-packages/univention/uldap.py", line 405, in __open
    self.bind(self.binddn, self.bindpw)
  File "/usr/lib/python3/dist-packages/univention/uldap.py", line 220, in _decorated
    return func(self, *args, **kwargs)
  File "/usr/lib/python3/dist-packages/univention/uldap.py", line 317, in bind
    self.lo.simple_bind_s(self.binddn, self.bindpw)
  File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 1215, in simple_bind_s
    res = self._apply_method_s(SimpleLDAPObject.simple_bind_s,*args,**kwargs)
  File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 1197, in _apply_method_s
    return func(self,*args,**kwargs)
  File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 444, in simple_bind_s
    resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
  File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 749, in result3
    resp_ctrl_classes=resp_ctrl_classes
  File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 756, in result4
    ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
  File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 329, in _ldap_call
    reraise(exc_type, exc_value, exc_traceback)
  File "/usr/lib/python3/dist-packages/ldap/compat.py", line 44, in reraise
    raise exc_value
  File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 313, in _ldap_call
    result = func(*args,**kwargs)
ldap.INVALID_CREDENTIALS: {'desc': 'Invalid credentials'}
23.10.24 12:31:41.331  LISTENER    ( WARN    ) : handler: quota (failed)
23.10.24 12:31:41.364  LISTENER    ( WARN    ) : finished initializing module quota with rv=0
Traceback (most recent call last):
  File "/usr/lib/univention-pam/ldap-group-to-file.py", line 151, in <module>
    main()
  File "/usr/lib/univention-pam/ldap-group-to-file.py", line 102, in main
    lo = univention.uldap.getMachineConnection(ldap_master=False, random_server=True)
  File "/usr/lib/python3/dist-packages/univention/uldap.py", line 204, in getMachineConnection
    return access(host=server, port=port, base=ucr['ldap/base'], binddn=ucr['ldap/hostdn'], bindpw=bindpw, start_tls=start_tls, decode_ignorelist=decode_ignorelist, reconnect=reconnect)
  File "/usr/lib/python3/dist-packages/univention/uldap.py", line 303, in __init__
    self.__open(ca_certfile)
  File "/usr/lib/python3/dist-packages/univention/uldap.py", line 405, in __open
    self.bind(self.binddn, self.bindpw)
  File "/usr/lib/python3/dist-packages/univention/uldap.py", line 220, in _decorated
    return func(self, *args, **kwargs)
  File "/usr/lib/python3/dist-packages/univention/uldap.py", line 317, in bind
    self.lo.simple_bind_s(self.binddn, self.bindpw)
  File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 1215, in simple_bind_s
    res = self._apply_method_s(SimpleLDAPObject.simple_bind_s,*args,**kwargs)
  File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 1197, in _apply_method_s
    return func(self,*args,**kwargs)
  File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 444, in simple_bind_s
    resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
  File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 749, in result3
    resp_ctrl_classes=resp_ctrl_classes
  File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 756, in result4
    ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
  File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 329, in _ldap_call
    reraise(exc_type, exc_value, exc_traceback)
  File "/usr/lib/python3/dist-packages/ldap/compat.py", line 44, in reraise
    raise exc_value
  File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 313, in _ldap_call
    result = func(*args,**kwargs)
ldap.INVALID_CREDENTIALS: {'desc': 'Invalid credentials'}
27216
23.10.24 12:31:41.516  LISTENER    ( PROCESS ) : ldap_extension: Reloading LDAP server.
Restarting nagios-nrpe-server (via systemctl): nagios-nrpe-server.service.
23.10.24 12:31:42.007  LISTENER    ( ERROR   ) : Error reloading prometheus alert rules: 404 Client Error: Not Found for url: http://localhost/metrics-prometheus/-/reload
28078
23.10.24 12:31:42.015  LISTENER    ( PROCESS ) : umc-service-providers: Reloading LDAP server.
Restarting slapd (via systemctl): slapd.serviceWarning: The unit file, source configuration file or drop-ins of slapd.service changed on disk. Run 'systemctl daemon-reload' to reload units.
Job for slapd.service failed because a timeout was exceeded.
See "systemctl status slapd.service" and "journalctl -xe" for details.
 failed!
Updating umc
Portal data untouched
Warning: The unit file, source configuration file or drop-ins of slapd.service changed on disk. Run 'systemctl daemon-reload' to reload units.
Job for slapd.service failed because a timeout was exceeded.
See "systemctl status slapd.service" and "journalctl -xe" for details.
2024-10-23 12:41:42.416608299-07:00 (in joinscript_save_current_version)


**************************************************************************
* Join failed!                                                           *
* Contact your system administrator                                      *
**************************************************************************
* Message:  Please visit https://help.univention.com/t/8842 for common problems during the join and how to fix them -- FAILED: failed.ldif exists.
**************************************************************************
Wed Oct 23 12:41:42 PDT 2024: finish /usr/share/univention-join/univention-join

Hi gcan,
this:

is kind of an eyecatcher for me.
After installing the new server, have you rebooted it, and does the server already have its role? So have you gone through the configuration part of the wizard, where you select the role?

Regards,
Christina

Hey Scheinig,

The join was initiated through the web GUI on console. Selecting to join the existing domain as a replica server.

The reason it says unassigned-hostname is I SSH to it during the join to watch the log from the shell. The hostname is set as part of the join through the console web interface. When I rebooted, the shell displayed the hostname oducs instead of unassigned-hostname.

It’s like it’s partially joined but not correctly. When I try to go to the web interface on the new replica server from my PC and log in, it accepts my domain login for my admin account but displays “No Search Results” and doesn’t have anything on the page like the other ones. No ‘Users’, ‘Domain’, ‘System’ or ‘Software’ sections listed. And although I can log into the web interface with my domain credentials, I’m unable to log into the shell of the new replica with them and have to use root to access via SSH.

Here is the role output and replication:

root@oducs:~# /usr/lib/nagios/plugins/check_univention_replication
CRITICAL: failed.ldif exists (nid=27030366 lid=27030242)
root@oducs:~# ucr get server/role
domaincontroller_slave

Any ideas what the hangup could be? :slight_smile:

I also tried to run the univention diagnostic command and get the following output:

root@oducs:~# univention-run-diagnostic-checks
Traceback (most recent call last):
  File "/usr/bin/univention-run-diagnostic-checks", line 168, in <module>
    sys.exit(CLIClient.main())
  File "/usr/bin/univention-run-diagnostic-checks", line 78, in main
    plugins = {plugin['id'] for plugin in client.umc_command('diagnostic/query').result}
  File "/usr/lib/python3/dist-packages/univention/lib/umc.py", line 484, in umc_command
    return self.request('POST', 'command/%s' % (path,), data, headers)
  File "/usr/lib/python3/dist-packages/univention/lib/umc.py", line 578, in request
    return self.send(request)
  File "/usr/lib/python3/dist-packages/univention/lib/umc.py", line 607, in send
    raise HTTPError(request, umc_response, self.hostname)
univention.lib.umc.Forbidden: 403 on oducs.int.example.net (command/diagnostic/query): {'status': 403, 'message': 'No module found for this request.', 'traceback': None, 'location': 'https://oducs.int.example.net/univention/command/diagnostic'}

I also tried to run the rejoin scripts with the following output:

root@oducs:~# univention-run-join-scripts
univention-run-join-scripts: runs all join scripts existing on local computer.
copyright (c) 2001-2024 Univention GmbH, Germany

Enter Primary Directory Node Account : administrator
Enter Primary Directory Node Password:

Search LDAP binddn:

**************************************************************************
* Running join scripts failed!                                           *
**************************************************************************
* Message:  Invalid credentials
**************************************************************************

This is the output of the ADMINDIARY in /var/log/syslog:

root@oducs:~# cat /var/log/syslog | grep ADMINDIARY
Oct 24 22:22:00 unassigned-hostname ADMINDIARY: {"username": "root", "hostname": "oducs", "message": {"en": "Started to join {hostname} into the domain", "de": "Dom\u00e4nenbeitritt von {hostname} begonnen"}, "args": {"hostname": "oducs"}, "timestamp": "2024-10-24 22:22:00", "tags": [], "context_id": "907ee67d-411b-4186-9640-6ed5bb6bc82b", "event": "JOIN_STARTED", "type": "Entry v1"}
Oct 24 22:34:39 unassigned-hostname ADMINDIARY: {"username": "root", "hostname": "oducs", "message": {"en": "Failed to join {hostname}", "de": "Dom\u00e4nenbeitritt von {hostname} fehlgeschlagen"}, "args": {"hostname": "oducs"}, "timestamp": "2024-10-24 22:34:39", "tags": ["error"], "context_id": "907ee67d-411b-4186-9640-6ed5bb6bc82b", "event": "JOIN_FINISHED_FAILURE", "type": "Entry v1"}
Oct 24 22:34:54 unassigned-hostname ADMINDIARY: {"username": "root", "hostname": "oducs", "message": {"en": "Started to update {hostname}", "de": "Aktualisierung von {hostname} begonnen"}, "args": {"hostname": "oducs"}, "timestamp": "2024-10-24 22:34:54", "tags": [], "context_id": "0395025d-b30a-47c9-ae77-bfc4d57a844b", "event": "UPDATE_STARTED", "type": "Entry v1"}
Oct 24 22:35:26 unassigned-hostname ADMINDIARY: {"username": "root", "hostname": "oducs", "message": {"en": "Successfully updated {hostname} to {version}", "de": "Aktualisierung von {hostname} auf {version} erfolgreich abgeschlossen"}, "args": {"hostname": "oducs", "version": "UCS 5.0-9 errata1125"}, "timestamp": "2024-10-24 22:35:26", "tags": [], "context_id": "0395025d-b30a-47c9-ae77-bfc4d57a844b", "event": "UPDATE_FINISHED_SUCCESS", "type": "Entry v1"}

This is the contents of the /var/log/univention/listener.log:

Try to sync changes stored in /var/lib/univention-directory-replication/failed.ldif into local LDAP
Shutting down univention-directory-listener. DONE.
                     USER        PID ACCESS COMMAND
/var/lib/univention-directory-replication/failed.ldif:
                     root      27028 F.... univention-dire
File still in use: /var/lib/univention-directory-replication/failed.ldif
24.10.24 22:34:39.626  DEBUG_INIT
24.10.24 22:34:39.640  LISTENER    ( WARN    ) : Notifier/LDAP server is ucs-master.int.example.net:7389
24.10.24 22:34:39.640  LDAP        ( PROCESS ) : connecting to ldap://ucs-master.int.example.net:7389
24.10.24 22:34:41.245  LISTENER    ( PROCESS ) : updating 'zoneName=int.example.net,cn=dns,dc=int,dc=example,dc=net' command m
24.10.24 22:34:41.251  LDAP        ( PROCESS ) : connecting to ldap://localhost:7389
24.10.24 22:34:41.254  LDAP        ( ERROR   ) : ldap_simple_bind: Invalid credentials
24.10.24 22:34:41.255  LISTENER    ( ERROR   ) : check_parent_dn: bind to local LDAP failed
24.10.24 22:34:41.256  LISTENER    ( ERROR   ) : 'failed.ldif' exists. Check for /var/lib/univention-directory-replication/failed.ldif
24.10.24 22:34:51.346  DEBUG_INIT
24.10.24 22:34:51.359  LISTENER    ( WARN    ) : Notifier/LDAP server is ucs-master.int.example.net:7389
24.10.24 22:34:51.359  LDAP        ( PROCESS ) : connecting to ldap://ucs-master.int.example.net:7389
24.10.24 22:34:52.928  LISTENER    ( PROCESS ) : updating 'zoneName=int.example.net,cn=dns,dc=int,dc=example,dc=net' command m
24.10.24 22:34:52.933  LDAP        ( PROCESS ) : connecting to ldap://localhost:7389
24.10.24 22:34:52.937  LDAP        ( ERROR   ) : ldap_simple_bind: Invalid credentials
24.10.24 22:34:52.937  LISTENER    ( ERROR   ) : check_parent_dn: bind to local LDAP failed
24.10.24 22:34:52.938  LISTENER    ( ERROR   ) : 'failed.ldif' exists. Check for /var/lib/univention-directory-replication/failed.ldif
24.10.24 22:35:03.095  DEBUG_INIT
24.10.24 22:35:03.109  LISTENER    ( WARN    ) : Notifier/LDAP server is ucs-master.int.example.net:7389
24.10.24 22:35:03.109  LDAP        ( PROCESS ) : connecting to ldap://ucs-master.int.example.net:7389
24.10.24 22:35:04.672  LISTENER    ( PROCESS ) : updating 'zoneName=int.example.net,cn=dns,dc=int,dc=example,dc=net' command m
24.10.24 22:35:04.678  LDAP        ( PROCESS ) : connecting to ldap://localhost:7389
24.10.24 22:35:04.681  LDAP        ( ERROR   ) : ldap_simple_bind: Invalid credentials
24.10.24 22:35:04.681  LISTENER    ( ERROR   ) : check_parent_dn: bind to local LDAP failed
24.10.24 22:35:04.682  LISTENER    ( ERROR   ) : 'failed.ldif' exists. Check for /var/lib/univention-directory-replication/failed.ldif
24.10.24 22:35:12.745  DEBUG_INIT
24.10.24 22:35:12.758  LISTENER    ( WARN    ) : Notifier/LDAP server is ucs-master.int.example.net:7389
24.10.24 22:35:12.758  LDAP        ( PROCESS ) : connecting to ldap://ucs-master.int.example.net:7389
24.10.24 22:35:14.326  LISTENER    ( PROCESS ) : updating 'zoneName=int.example.net,cn=dns,dc=int,dc=example,dc=net' command m
24.10.24 22:35:14.331  LDAP        ( PROCESS ) : connecting to ldap://localhost:7389
24.10.24 22:35:14.336  LDAP        ( ERROR   ) : ldap_simple_bind: Invalid credentials
24.10.24 22:35:14.336  LISTENER    ( ERROR   ) : check_parent_dn: bind to local LDAP failed
24.10.24 22:35:14.337  LISTENER    ( ERROR   ) : 'failed.ldif' exists. Check for /var/lib/univention-directory-replication/failed.ldif
24.10.24 22:35:24.595  DEBUG_INIT
24.10.24 22:35:24.616  LISTENER    ( WARN    ) : Notifier/LDAP server is ucs-master.int.example.net:7389
24.10.24 22:35:24.616  LDAP        ( PROCESS ) : connecting to ldap://ucs-master.int.example.net:7389
24.10.24 22:35:26.142  LISTENER    ( PROCESS ) : updating 'zoneName=int.example.net,cn=dns,dc=int,dc=example,dc=net' command m
24.10.24 22:35:26.148  LDAP        ( PROCESS ) : connecting to ldap://localhost:7389
24.10.24 22:35:26.151  LDAP        ( ERROR   ) : ldap_simple_bind: Invalid credentials
24.10.24 22:35:26.151  LISTENER    ( ERROR   ) : check_parent_dn: bind to local LDAP failed
24.10.24 22:35:26.153  LISTENER    ( ERROR   ) : 'failed.ldif' exists. Check for /var/lib/univention-directory-replication/failed.ldif
24.10.24 22:35:36.345  DEBUG_INIT
24.10.24 22:35:36.359  LISTENER    ( WARN    ) : Notifier/LDAP server is ucs-master.int.example.net:7389
24.10.24 22:35:36.359  LDAP        ( PROCESS ) : connecting to ldap://ucs-master.int.example.net:7389
24.10.24 22:35:37.917  LISTENER    ( PROCESS ) : updating 'zoneName=int.example.net,cn=dns,dc=int,dc=example,dc=net' command m
24.10.24 22:35:37.923  LDAP        ( PROCESS ) : connecting to ldap://localhost:7389
24.10.24 22:35:37.926  LDAP        ( ERROR   ) : ldap_simple_bind: Invalid credentials
24.10.24 22:35:37.926  LISTENER    ( ERROR   ) : check_parent_dn: bind to local LDAP failed
24.10.24 22:35:37.928  LISTENER    ( ERROR   ) : 'failed.ldif' exists. Check for /var/lib/univention-directory-replication/failed.ldif
Try to sync changes stored in /var/lib/univention-directory-replication/failed.ldif into local LDAP
Shutting down univention-directory-listener. DONE.
replay stored changes ...
some DNs have failed and have to be synced manually:

You can find the failed modifications in /tmp/tmp.e1GakHkx0R
Check them for being sync with the Primary LDAP, then delete /var/lib/univention-directory-replication/failed.ldif and start the listener again typing:
systemctl start univention-directory-listener

Here’s a sample of /tmp/tmp.e1GakHkx0R with an example of the three types of errors reported in the file (I added the SANITIZED to the password and kerberos fields):

# Error: No such object (32), matched DN: cn=univention,dc=int,dc=example,dc=net
dn:cn=univentionObjectIdentifier,cn=temporary,cn=univention
 ,dc=int,dc=example,dc=net
changetype:add
cn:univentionObjectIdentifier
objectClass:top
objectClass:organizationalRole
objectClass:univentionObject
univentionObjectType:container/cn
structuralObjectClass:organizationalRole
entryUUID:7afb39aa-21f1-103d-8493-b7447dc8788c
creatorsName:cn=admin,dc=int,dc=example,dc=net
createTimestamp:20230106093728Z
entryCSN:20230106093728.846947Z#000000#000#000000
modifiersName:cn=admin,dc=int,dc=example,dc=net
modifyTimestamp:20230106093728Z

# Error: Invalid syntax (21), additional info: description: value #0 invalid per syntax
dn:uid=KCarlson,cn=users,dc=int,dc=example,dc=net
changetype:add
uid:KCarlson
krb5PrincipalName:KCarlson@INT.example.NET
uidNumber:2507
sambaBadPasswordCount:0
krb5MaxLife:86400
cn:K Carlson
krb5MaxRenew:604800
sambaBadPasswordTime:0
loginShell:/bin/bash
univentionObjectType:users/user
displayName:K Carlson
gecos:K Carlson
sn:Carlson
pwhistory:<SANITIZED>
homeDirectory:/home/KCarlson
givenName:K
structuralObjectClass:inetOrgPerson
entryUUID:c6ea889a-57a0-1038-93e9-eff58d96dc75
creatorsName:uid=admin,cn=users,dc=int,dc=example,dc=n
 et
createTimestamp:20180928193101Z
gidNumber:5001
sambaPrimaryGroupSID:S-1-5-21-2406203658-1717808923-3449552
 969-513
sambaSID:S-1-5-21-2406203658-1717808923-3449552969-1749
sambaLogonScript:SBS_LOGIN_SCRIPT.bat
mailPrimaryAddress:Kcarlson@example.com
sambaProfilePath:\\ucs-master.int.example.net\%USERNAM
 E%\windows-profiles\default
memberOf:cn=Sales,cn=groups,dc=int,dc=example,dc=ne
 t
memberOf:cn=K-RADIUS,cn=groups,dc=int,dc=example,dc=
 net
memberOf:cn=Domain Users,cn=groups,dc=int,dc=example,d
 c=net
description:
sambaPasswordHistory:<SANITIZED>
sambaNTPassword:<SANITIZED>
krb5Key::<SANITIZED>
krb5Key::<SANITIZED>
krb5Key::<SANITIZED>
krb5Key::<SANITIZED>
krb5Key::<SANITIZED>
krb5KeyVersionNumber:8
shadowLastChange:18510
sambaPwdLastSet:1599264048
univentionNetworkAccess:1
objectClass:krb5KDCEntry
objectClass:posixAccount
objectClass:person
objectClass:automount
objectClass:top
objectClass:inetOrgPerson
objectClass:sambaSamAccount
objectClass:organizationalPerson
objectClass:univentionPWHistory
objectClass:shadowAccount
objectClass:univentionObject
objectClass:univentionMail
objectClass:krb5Principal
objectClass:univentionNetworkAccess
krb5KDCFlags:254
userPassword:{K5KEY}!
sambaAcctFlags:[UD         ]
shadowExpire:1
entryCSN:20220729230540.960192Z#000000#000#000000
modifyTimestamp:20220729230540Z
modifiersName:cn=admin,dc=int,dc=example,dc=net

# Error: Bad parameter to an ldap routine (-9)
dn:cn=selfserviceregistrationtemplate,cn=templates,cn=unive
 ntion,dc=int,dc=example,dc=net
changetype:add
displayName:<firstname> <lastname><:strip>
cn:selfserviceregistrationtemplate
objectClass:top
objectClass:univentionUserTemplate
objectClass:univentionObject
loginShell:/bin/bash
univentionObjectType:settings/usertemplate
homeDirectory:/home/<username>
userPrimaryGroupPreset:cn=Domain Users,cn=groups,dc=int,dc=
 example,dc=net
structuralObjectClass:univentionUserTemplate
entryUUID:841dd030-b886-103c-99c5-c9278605286a
creatorsName:cn=admin,dc=int,dc=example,dc=net
createTimestamp:20220825055715Z
entryCSN:20220825055715.931402Z#000000#000#000000
modifiersName:cn=admin,dc=int,dc=example,dc=net
modifyTimestamp:20220825055715Z

Hi gcan,

If you join a new server via univention-join, a failed.ldif will be removed automatically. If a failed.ldif occurs again, I would check the primary's LDAP and the schema files.
A schema could be missing, and therefore the replica does not know what to do with the entries.

You can check the primary with
slapschema and slaptest

You should not try to debug the failed.ldif, if the server is not properly joined.
What is the joinstate of the replica?
univention-check-join-status

Regards Christina

Hey Scheining,

Running the univention-join command from the replica ends up with the failed.ldif error still:

**************************************************************************
* Join failed!                                                           *
* Contact your system administrator                                      *
**************************************************************************
* Message:  Please visit https://help.univention.com/t/8842 for common problems during the join and how to fix them -- FAILED: failed.ldif exists.
**************************************************************************
Mon Oct 28 09:44:23 PDT 2024: finish /usr/sbin/univention-join

Output of univention-check-join-status on the replica:

root@oducs:~# univention-check-join-status
Error: localhost ldapsearch failed

On the primary, I get the following output for slapschema and slaptest:

root@ucs-master:~# slapschema
671fc084 UNKNOWN attributeDescription "UNIVENTIONCUSTOMACLREFERENCEUSERCREATE" inserted.
671fc084 UNKNOWN attributeDescription "UNIVENTIONCUSTOMACLREFERENCEGROUPMODIFY" inserted.
# (65) Object class violation: unrecognized objectClass 'univentionCustomACLReferences'
dn: cn=temporary,cn=univention,dc=int,dc=example,dc=net

# (65) Object class violation: unrecognized objectClass 'univentionCustomACLReferences'
dn: cn=users,dc=int,dc=example,dc=net

# (65) Object class violation: unrecognized objectClass 'univentionCustomACLReferences'
dn: cn=groups,dc=int,dc=example,dc=net

root@ucs-master:~# slaptest
671fc0b4 WARNING: No dynamic config support for overlay translog.
671fc0b4 WARNING: No dynamic config support for overlay shadowbind.
671fc0b4 UNKNOWN attributeDescription "UNIVENTIONCUSTOMACLREFERENCEUSERCREATE" inserted.
671fc0b4 UNKNOWN attributeDescription "UNIVENTIONCUSTOMACLREFERENCEGROUPMODIFY" inserted.
config file testing succeeded

I think some of this output might be leftover from when we were on 4.X versions. If I recall, I think we had something from Cool Solution installed to provide the MemberOf overlay originally. How would I go about cleaning up those on the primary?
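Added example, not part of the thread or of UCS: a small triage script that reads the rejected-change file format shown earlier together with the slapschema output above, and tags each rejected entry with any DN (itself or an ancestor) that slapschema flagged on the primary. The sample inputs are constructed by shortening the quoted outputs, the function names are hypothetical, and a match is a correlation to check, not proof of cause.

```python
import re

# Constructed samples, shortened from the outputs quoted in the thread.
REJECTED_LDIF = """\
# Error: No such object (32), matched DN: cn=univention,dc=int,dc=example,dc=net
dn:cn=univentionObjectIdentifier,cn=temporary,cn=univention
 ,dc=int,dc=example,dc=net
changetype:add
objectClass:organizationalRole

# Error: Invalid syntax (21), additional info: description: value #0 invalid per syntax
dn:uid=KCarlson,cn=users,dc=int,dc=example,dc=net
changetype:add
description:
krb5Key::<SANITIZED>

# Error: Bad parameter to an ldap routine (-9)
dn:cn=selfserviceregistrationtemplate,cn=templates,cn=unive
 ntion,dc=int,dc=example,dc=net
changetype:add
"""

SLAPSCHEMA_OUT = """\
671fc084 UNKNOWN attributeDescription "UNIVENTIONCUSTOMACLREFERENCEUSERCREATE" inserted.
# (65) Object class violation: unrecognized objectClass 'univentionCustomACLReferences'
dn: cn=temporary,cn=univention,dc=int,dc=example,dc=net

# (65) Object class violation: unrecognized objectClass 'univentionCustomACLReferences'
dn: cn=users,dc=int,dc=example,dc=net
"""


def parse_rejected(text):
    """Split the rejected-change file into entries: error, code, DN, empty attributes."""
    text = re.sub(r"\n ", "", text)  # unfold LDIF continuation lines
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = {"error": None, "code": None, "dn": None, "empty_attrs": []}
        for line in block.splitlines():
            m = re.match(r"# Error: (.+?) \((-?\d+)\)", line)
            if m:
                entry["error"], entry["code"] = m.group(1), int(m.group(2))
            elif not line.startswith("#") and ":" in line:
                attr, _, value = line.partition(":")
                value = value.lstrip(":").strip()  # "::" marks a base64 value
                if attr.lower() == "dn":
                    entry["dn"] = value
                elif not value:
                    entry["empty_attrs"].append(attr)
        if entry["dn"]:
            entries.append(entry)
    return entries


def parse_slapschema(text):
    """Return ({dn: unrecognized objectClass}, {unknown attribute descriptions})."""
    violations, unknown_attrs, pending = {}, set(), None
    for line in text.splitlines():
        attr = re.search(r'UNKNOWN attributeDescription "([^"]+)"', line)
        oc = re.search(r"unrecognized objectClass '([^']+)'", line)
        if attr:
            unknown_attrs.add(attr.group(1))
        elif oc:
            pending = oc.group(1)
        elif line.startswith("dn:") and pending:
            violations[line[3:].strip().lower()] = pending
            pending = None
    return violations, unknown_attrs


def triage(rejected_text, slapschema_text):
    """Tag each rejected change with the nearest DN (itself or an ancestor)
    that slapschema reported on the primary."""
    violations, _ = parse_slapschema(slapschema_text)
    report = []
    for entry in parse_rejected(rejected_text):
        rdns = entry["dn"].lower().split(",")  # naive split: ignores escaped commas
        chain = [",".join(rdns[i:]) for i in range(len(rdns))]
        hit = next((dn for dn in chain if dn in violations), None)
        report.append({**entry, "schema_dn": hit, "objectclass": violations.get(hit)})
    return report


if __name__ == "__main__":
    for row in triage(REJECTED_LDIF, SLAPSCHEMA_OUT):
        print(row["code"], row["dn"], row["empty_attrs"], row["schema_dn"])
```

On the sample, the "No such object (32)" entry sits under cn=temporary,cn=univention, one of the containers slapschema reports with the unrecognized objectClass, while the "Invalid syntax (21)" entry carries an empty description value.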

Hi gcan,

so here we go. If the master does not have the schema for the entries in ldap, the replica cannot replicate those entries because it does not know the schema either.
You need to fix the master ldap first.
You can remove the attribute references in ldap, or you need to reinstall the schema.
Please read these articles for help:


Hey Scheinig,

Thank you for your help. After following the first article and removing the unknown LDAP references, I was able to join the replica server successfully :slight_smile:

Cheers!
