UCS Update 5.0-10 to 5.2 not possible, blocking app: keycloak

Hi, I just migrated all SAML IDPC to keycloak, but now the update blocks:

apt-key verify pre-update-checks-5.2-0{.gpg,} && bash pre-update-checks-5.2-0
gpgv: Signatur vom Mo 28 Apr 2025 18:46:01 CEST
gpgv:                mittels RSA-Schlüssel C882B6F1F7229D9A
gpgv: Korrekte Signatur von "Univention Corporate Server 5.2 <packages@univention.de>"

Starting pre-update-checks-5.2-0 (Di 30. Sep 15:42:47 CEST 2025):
Checking auth_faillog ...                         OK
Checking blocking_apps ...                        FAIL
Checking disk_space ...                           OK
Checking docker_storage_driver ...                OK
Checking failed_ldif ...                          OK
Checking for_postgresql96 ...                     OK
Checking hold_packages ...                        OK
Checking keycloak_migration ...                   OK
Checking ldap_connection ...                      OK
Checking ldap_schema ...                          OK
Checking legacy_objects ...                       OK
Checking master_version ...                       OK
Checking min_version ...                          OK
Checking minimum_ucs_version_of_all_systems_in_domain ... OK
Checking openldap_bdb ...                         OK
....
The system can not be updated to UCS 5.2 due to the following reasons:

blocking_apps:
The update to 5.2 is currently not possible,
because the following Apps are not available for UCS 5.2:
 * Keycloak


I thought I need to migrate first to keycloak and then do an update?

I had a fail due to keycloak in one of my many attempts to update as well. I think I got to version 26.3.1 and did not update to 26.3.3 and then ran the update. That seemed to work IIRC.

I am not 100% sure what all issues I had because I needed additional boot space as well since the 5.1 intermediate update would also install a new kernel and I would run out of boot space mid update.

I still am not sure if my email setup is correct as that was broken by the update. At first I thought it was just spam filtering that was borked, but I’ve also since learned at some point dovecot created new user mailboxes for some of our accounts and since they were empty all the emails on the clients disappeared.

After fixing the spam filtering services and maybe running subsequent package updates, the mail server did go back to the correct mailboxes and everything seems to be ok now, but I still need to figure out how to verify my configs. I’m probably going to end up installing a new 5.2 server from scratch and comparing things.

So just be careful with the upgrade and make sure you cover your bases with VM snapshots and/or backups as needed.

Hi,
I downgraded the keycloak app, but the error looks the same:

root@gandalf:~# apt-key verify pre-update-checks-5.2-0{.gpg,} && bash pre-update-checks-5.2-0
gpgv: Signatur vom Mo 28 Apr 2025 18:46:01 CEST
gpgv: mittels RSA-Schlüssel C882B6F1F7229D9A
gpgv: Korrekte Signatur von "Univention Corporate Server 5.2 <packages@univention.de>"

Starting pre-update-checks-5.2-0 (Mi 1. Okt 04:17:09 CEST 2025):
Checking auth_faillog … OK
Checking blocking_apps … FAIL
Checking disk_space … OK
Checking docker_storage_driver … OK
Checking failed_ldif … OK
Checking for_postgresql96 … OK
Checking hold_packages … OK
Checking keycloak_migration … OK
Checking ldap_connection … OK
Checking ldap_schema … OK
Checking legacy_objects … OK
Checking master_version … OK
Checking min_version … OK
Checking minimum_ucs_version_of_all_systems_in_domain … OK
Checking openldap_bdb … OK
Checking overwritten_umc_templates … OK
Checking package_status … OK
Checking role_package_removed … OK
Checking selinux_deactivated … OK
Checking slapd_on_member … OK
Checking system_date_too_old … OK
Checking user_country_mapping … OK
Checking valid_machine_credentials … OK
Checking verify_translog_schema … OK

The system can not be updated to UCS 5.2 due to the following reasons:

blocking_apps:
The update to 5.2 is currently not possible,
because the following Apps are not available for UCS 5.2:

  • Keycloak

root@gandalf:~# univention-app info
UCS: 5.0-10 errata1318
Installed: keycloak=26.3.1-ucs1 mailserver=12.0
Upgradable: keycloak
root@gandalf:~#

Okay, I found:

univention-app install keycloak=26.2.5-ucs1

This version works.