3. Domain join#
This section covers aspects of the domain join that administrators of Debian GNU/Linux or Ubuntu systems need to be aware of regarding UCS.
UCS aims for multi-server environments. The first system takes the server role of the Primary Directory Node in a UCS domain. A domain is a single trust context that groups one or more entities such as computer systems or users. The domain provides domain services to systems and users.
See also
For more information in Univention Corporate Server 5.0 Architecture [1]:
Domain concept about the most important concept in UCS.
Role concept about the different roles of UCS systems in a UCS domain.
Permission concept about the different permissions of default user groups.
For more information in Univention Corporate Server - Manual for users and administrators [2]:
3.1. Join UCS systems#
To join a UCS system to an existing UCS domain, use the possibilities outlined in How UCS systems join domains.
Principle #5
Don’t run univention-join on a Primary Directory Node. It just skips.
3.2. Join scripts#
Services and apps that integrate with the domain, provide so-called join scripts. A service’s join script requires the credentials of a domain administrator to write data to the domain database so that the administrator can manage it.
Installing UCS components through the App Center ensures that the join scripts run after the installation. If administrators install the same component using the package manager, the join scripts don’t run and the administrator must run them manually afterwards.
Principle #6
Install UCS components through the App Center.
See also
For more information about join scripts, see the following resources in Univention Corporate Server - Manual for users and administrators [2]:
3.3. Consequences of unfinished join scripts#
Services won’t work properly, or administrators can’t manage them, if the join scripts didn’t run during the package installation or upgrade.
Principle #7
Verify status and version of the join scripts in the following situations:
After installing software or apps.
After software or app updates.
When services aren’t running as expected.
To verify status and version of join scripts, run the command univention-check-join-status.
To run pending join scripts, use the command
univention-run-join-scripts as described in
Subsequent running of join scripts. However, be careful with the
--force
option and the UCS server role on which you run the command.
Principle #8
Never run univention-run-joinscripts --force on a Primary Directory Node.
The LDAP server doesn’t work properly anymore and the repair is a lot of effort.