Problem
When attempting to join a new server, the join process fails during the execution of the script 96univention-samba4.inst. The error message indicates invalid credentials.
A snippet from /var/log/univention/listener.log shows:
04.09.25 11:56:57.137 LISTENER ( ERROR ) : replication: Constraint violation; dn="uid=Administrator,cn=users,dc=domain,dc=de": Constraint violation
04.09.25 11:56:57.137 LISTENER ( ERROR ) : additional info: Password policy only allows one password value
This suggests that the join fails because the Administrator account password entry is not synchronized properly and violates the password policy.
Solution
On the Primary Directory Node, reset the Administrator password once — even to the same value it already had.
Example:
udm users/user modify \
--dn "uid=Administrator,cn=users,dc=domain,dc=de" \
--set password=<CURRENT_PASSWORD>
After resetting the password, the Replica server was able to successfully complete the join.