Univention Bugzilla – Bug 50161
users/user sets sambaPrimaryGroupSID not in the modlist
Last modified: 2019-10-16 14:11:07 CEST
users/user sets sambaPrimaryGroupSID not in the modlist but in the method __primary_group() which is called by * _ldap_post_create * _ldap_post_modify * open() through _load_groups(). This makes it impossible that hooks are able to remove the attribute, except if they remote it manually afterwards. But this would cause that it gets added again on every open() call of the user object. I think we should not modify users in the open() call! I see no necessarity to do this in ldap_post_*(), except for easier coding. (But the code enhanced over time and now it is probably not so hard to fix it).
Similar logic applies to computers/* objects.
This causes also that creating user objects consists of 1 ldap add following 2 ldap modify calls. Only the first ldap add call is necessary. Fixing it saves also performance in the S4-connector.
Patch in git:fbest/50161-set-primary-group-in-modlist.
Fixed for users/user. I will clone a bug soon for computer objects. univention-directory-manager-modules (14.0.14-6) 71578a269153 | Bug #50161: set primary group attributes in _ldap_modlist() univention-directory-manager-modules.yaml 71578a269153 | Bug #50161: set primary group attributes in _ldap_modlist()
What I tested: System without samba: - Added user: "sambaPrimaryGroupSID" is set -> OK - Edit user: "sambaPrimaryGroupSID" is changed -> OK System with samba: - Added user: "sambaPrimaryGroupSID" is set -> OK - Edit user: "sambaPrimaryGroupSID" is changed -> OK YAML -> OK -> Verified
<http://errata.software-univention.de/ucs/4.4/306.html>