4.3. Running join scripts

The following commands related to running join scripts exist:

univention-join

When univention-join is invoked, the machine account is created, if it is missing. Otherwise an already existing account is re-used which allows it to be created beforehand. The distinguished name (dn) of that entry is stored locally in the Univention Configuration Registry Variable ldap/hostdn. A random password is generated, which is stored in the file /etc/machine.secret.

After that the file /var/univention-join/status is cleared and all join scripts located in /usr/lib/univention-install/ are executed in lexicographical order.

univention-run-join-scripts

This command is similar to univention-join, but skips the first step of creating a machine account. Only those join scripts are executed, whose current version is not yet registered in /var/univention-join/status.

univention-check-join-status

This command only checks for join scripts in /usr/lib/univention-install/, whose version is not yet registered in /var/univention-join/status.

When packages are installed, it depends on the server role, if join scripts are invoked automatically from the postinst Debian maintainer script or not. This only happens on Primary Directory Node and Backup Directory Node system roles, where the local root user has access to the file containing the LDAP credentials. On all other system roles the join scripts need to be run manually by invoking univention-run-join-scripts or doing so through UMC.