From 2031399a981b5a3c8d4b387e6f52d551ea650204 Mon Sep 17 00:00:00 2001 From: Andreas Teuber Date: Tue, 14 Oct 2025 15:19:38 +0200 Subject: [PATCH] Skip copying keycloak.secret if on same host (which could fail if password auth is disabled) --- app/inst | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/app/inst b/app/inst index 798ffad..7f7007e 100755 --- a/app/inst +++ b/app/inst @@ -87,10 +87,13 @@ fi keycloak_db_host_dn=$(univention-ldapsearch -LLL univentionService="$app_id DB" 1.1 | sed -ne "s/^dn: //p") if [ -z "$keycloak_db_host_dn" ]; then - ucs_addServiceToLocalhost "$app_id DB" "$@" + ucs_addServiceToLocalhost "$app_id DB" "$@" else - keycloak_db_host=$(ucs_getAttrOfDN "cn" "$keycloak_db_host_dn") - univention-scp $machine_secret "-r $hostname\$@$keycloak_db_host:/etc/keycloak.secret /etc/keycloak.secret" || die + local_dn="$(ucr get ldap/hostdn | tr -d '\n')" + if [[ "$local_dn" != "$keycloak_db_host_dn" ]]; then + keycloak_db_host=$(ucs_getAttrOfDN "cn" "$keycloak_db_host_dn") + univention-scp $machine_secret "-r $hostname\$@$keycloak_db_host:/etc/keycloak.secret /etc/keycloak.secret" || die + fi fi