Problem
The system cannot be updated to UCS 5.2 due to an issue with the LDAP schema. The following errors may appear during the pre-update check:
ldap_schema:
There is a problem with the LDAP schema on this system.
Please check /var/log/univention/updater.log or run 'slapschema' manually.
20250828-220121: Pre-Update-Check failed
Running slapschema may return an error like:
# (65) Object class violation: unrecognized objectClass 'univentionOpenDVDI'
dn: uid=user2,cn=users,dc=domain,dc=de
This suggests that replication issues may be a possible cause. In this specific case the user user2 no longer exists on the LDAP primary, but objects referencing it still remain on the replica server.
Solution
The error message unrecognized objectClass 'univentionOpenDVDI' indicates that some objects on the replica server exist that have already been removed on the LDAP primary, causing inconsistencies.
Do not manually delete objects on the replica using ldapdelete, as replication is managed from the primary server. Manual deletion can lead to further inconsistencies.
Instead, trigger replication for the affected object from the primary server using the following command:
univention-replicate-one --dn uid=user2,cn=users,dc=domain,dc=de
Warning: This tool will stop the OpenLDAP and the Notifier daemon during the process.
This command will re-initiate replication for the specific object, ensuring it is correctly removed or synchronized according to the primary server.
If other objects show similar errors, synchronize them using the same method. Afterward, it is recommended to run the Pre-Update-Check again to confirm that the system is consistent and ready for the UCS 5.2 update.
Tip: You can re-initiate replication for many objects with one command only. The DNs in a given file that you specify will be re-replicated.
univention-replicate-many <file name>
Warning: This tool will stop the OpenLDAP and the Notifier daemon during the process.