Problem: You cannot upgrade to UCS 5.2 because of univention-usercert schema

Problem

In the updater.log you notice:

Neue Version der Konfigurationsdatei /etc/ldap/schema/pmi.schema wird installiert ...
File: /etc/init.d/slapd
Multifile: /etc/ldap/slapd.conf
  Backing up /etc/ldap/slapd.conf in /var/backups/slapd-2.4.57+dfsg-3+deb11u1A~5.1.0.202501151832... done.
  Moving old database directories to /var/backups:
  - directory cn=internal... done.
  - directory cn=translog... done.
  - directory dc=domain,dc=de... done.
  Loading from /var/backups/slapd-2.4.57+dfsg-3+deb11u1A~5.1.0.202501151832: 
  - directory cn=internal... done.
  - chowning database directory (openldap:openldap)... done
  - directory cn=translog... done.
  - chowning database directory (openldap:openldap)... done
  - directory dc=domain,dc=de... failed.

Loading the database from the LDIF dump failed with the following
error while running slapadd:
    <= str2entry: str2ad(UNIVENTIONCERTIFICATEDAYS): attribute type undefined
    slapadd: could not parse entry (line=15465)
    Error, entries missing!
      entry 195: ou=disabled,dc=domain,dc=de
      entry 196: ou=user,ou=disabled,dc=domain,dc=de
Stopping slapd (via systemctl): slapd.service
Warning: The unit file, source configuration file or drop-ins of slapd.service changed on disk. Run 'systemctl daemon-reload' to reload units.

Investigation

It turns out that the univention-usercert package is removed during the upgrade, which means that the associated schema is no longer available. The schema is registered when the package is installed, but it is not correctly preserved or re-registered when the package is uninstalled. This leads to the slapadd error seen in the log file above: attribute type undefined

Workaround

As long as the Cool Solution univention-usercert is not ported to UCS 5.2, you either cannot upgrade or have to follow these steps. They will disable and uninstall univention-usercert, so make sure that you don’t need it anymore!

# Copy schema from /usr/share... to /var/lib...
cp /usr/share/univention-ldap/schema/univention-manage-certificates.schema /var/lib/univention-ldap/local-schema/

# Update slapd configuration
ucr commit /etc/ldap/slapd.conf

# Check if the schema is included. It should still come from /usr/share...
grep univention-manage-certificates /etc/ldap/slapd.conf

# Restart LDAP
systemctl restart slapd

# Check if LDAP is working
univention-ldapsearch uid=Administrator | grep dn:

# Uninstall packages
univention-remove univention-usercert univention-ldap-usercert

# Update slapd configuration
ucr commit /etc/ldap/slapd.conf

# Check if the schema is included. It should now come from /var/lib...
grep univention-manage-certificates /etc/ldap/slapd.conf

# Restart LDAP
systemctl restart slapd

# Check if LDAP is working
univention-ldapsearch uid=Administrator | grep dn:

Now you should be able to upgrade to UCS 5.2.
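
The following pre-check is an added example, not part of the original article and not Univention tooling. It lists which attribute types defined in a schema file are used in an LDIF dump, that is, which data would make slapadd fail with "attribute type undefined" if the schema were no longer loaded. The function names and the script name are assumptions; names are compared case-insensitively, so the upper-cased UNIVENTIONCERTIFICATEDAYS from the log is matched as well.

```bash
#!/usr/bin/env bash
# Added example, not Univention tooling. Usage (script name is an assumption):
#   ./schema-usage.sh <schema-file> <ldif-dump>

# Print the lower-cased names of all attribute types defined in schema file $1.
schema_attrs() {
  awk -v q="'" '
    function emit(   s, n, i, parts) {
      if (tolower(def) ~ /^attributetype[ \t]/) {
        s = def
        # NAME is a parenthesised list of quoted names or one quoted name
        if (match(s, /NAME[ \t]+\([^)]*\)/) || match(s, "NAME[ \t]+" q "[^" q "]*" q)) {
          n = split(substr(s, RSTART, RLENGTH), parts, q)
          for (i = 2; i <= n; i += 2) print tolower(parts[i])
        }
      }
      def = ""
    }
    /^[ \t]*#/ { next }                 # schema comment
    /^[^ \t]/  { emit() }               # unindented line starts a new definition
    { def = (def == "" ? $0 : def " " $0) }
    END { emit() }
  ' "$1"
}

# Print "<attribute> <count>" for each attribute from schema $1 used in LDIF $2.
ldif_usage() {
  schema_attrs "$1" | awk '
    NR == FNR { want[$1] = 1; next }    # first input: names from the schema
    /^[ #]/ || !/:/ { next }            # folded value, comment or blank line
    { name = tolower($0); sub(/[:;].*/, "", name)   # strip value and ;options
      if (name in want) used[name]++ }
    END { for (a in used) print a, used[a] }
  ' - "$2" | sort
}

# Exit status 0 if the dump depends on the schema, 1 otherwise.
schema_in_use() { [ -n "$(ldif_usage "$1" "$2")" ]; }

if [ "$#" -eq 2 ]; then
  if schema_in_use "$1" "$2"; then
    echo "LDIF uses attributes from $1; keep the schema available to slapd:"
    ldif_usage "$1" "$2"
  else
    echo "No attribute from $1 is used in $2."
  fi
fi
```

If the check reports usage, the schema must remain included in /etc/ldap/slapd.conf (as verified by the grep steps above) before the directory is reloaded from a dump.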
