Description Arvid Requate 2022-03-03 12:33:15 CET

We should also fix this in UCS 5. I guess to fix this we should mane memberUid case insensitive in the LDAP schema. If we do that, we will need to reindex the attribute, so I propose to do that in UCS 5.1 (Or maybe 5.0-2 ?).


+++ This bug was initially created as a clone of Bug #54183 +++

Now seen this in a customer environment with 4.4-8

01.12.2021 06:25:09.593 LDAP        (PROCESS): sync to ucs: Resync rejected dn: CN=Remoteuser,OU=Standard,OU=Gruppen,OU=SUB,DC=schein,DC=me
01.12.2021 06:25:09.673 LDAP        (PROCESS): sync to ucs:   [         group] [    modify] cn=remoteuser,ou=standard,ou=gruppen,ou=sub,dc=schein,dc=me
01.12.2021 06:25:10.925 LDAP        (ERROR  ): Unknown Exception during sync_to_ucs
01.12.2021 06:25:11.017 LDAP        (ERROR  ): Traceback (most recent call last):
  File "/usr/lib/python2.7/dist-packages/univention/connector/__init__.py", line 1374, in sync_to_ucs
    f(self, property_type, object)
  File "/usr/lib/python2.7/dist-packages/univention/connector/ad/__init__.py", line 187, in group_members_sync_to_ucs
    return connector.group_members_sync_to_ucs(key, object)
  File "/usr/lib/python2.7/dist-packages/univention/connector/ad/__init__.py", line 2189, in group_members_sync_to_ucs
    ucs_admin_object.fast_member_remove(uniqueMember_del, memberUid_del, ignore_license=1)
  File "/usr/lib/python2.7/dist-packages/univention/admin/handlers/groups/group.py", line 418, in fast_member_remove
    return self.lo.modify(self.dn, ml, ignore_license=ignore_license)
  File "/usr/lib/python2.7/dist-packages/univention/admin/uldap.py", line 902, in modify
    raise univention.admin.uexceptions.ldapError(_err2str(msg), original_exception=msg)
ldapError: No such attribute: modify/delete: memberUid: no such value

01.12.2021 15:42:56.528 LDAP        (INFO   ): group_members_sync_to_ucs: members to del: {'group': [], 'user': ['uid=cm,cn=users,dc=sch-ein,dc=me'], 'windowscomputer': []}

A group member could not be deleted, because memberUid: CM instead of cm

+++ This bug was initially created as a clone of Bug #25838 +++

Bei folgender Gruppe

# test, groups, update.test
dn: cn=test,cn=groups,dc=update,dc=test
sambaGroupType: 2
cn: test
objectClass: top
objectClass: posixGroup
objectClass: univentionGroup
objectClass: sambaGroupMapping
objectClass: univentionObject
univentionObjectType: groups/group
gidNumber: 5014
sambaSID: S-1-5-21-2796199546-1396784971-2706387774-11029
uniqueMember: uid=Administrator,cn=users,dc=update,dc=test
memberUid: administrator


kann der Administrator nicht gelöscht werden, da administrator im Attribute memberUid kleingeschrieben wird.


root@master:~# udm groups/group modify --dn cn=test,cn=groups,dc=update,dc=test --remove users="uid=Administrator,cn=users,dc=update,dc=test"
Traceback (most recent call last):
  File "/usr/share/univention-directory-manager-tools/univention-cli-server", line 233, in doit
    output = univention.admincli.admin.doit(arglist)
  File "/usr/lib/pymodules/python2.6/univention/admincli/admin.py", line 939, in doit
    dn=object.modify()
  File "/usr/lib/pymodules/python2.6/univention/admin/handlers/__init__.py", line 344, in modify
    return self._modify(modify_childs,ignore_license=ignore_license)
  File "/usr/lib/pymodules/python2.6/univention/admin/handlers/__init__.py", line 863, in _modify
    self.lo.modify(self.dn, ml, ignore_license=ignore_license)
  File "/usr/lib/pymodules/python2.6/univention/admin/uldap.py", line 385, in modify
    raise univention.admin.uexceptions.ldapError, _err2str(msg)
ldapError: No such attribute: modify/delete: memberUid: no such value

Ändert man administrator in Administrator funktioniert es wieder:

root@master:~# udm groups/group modify --dn cn=test,cn=groups,dc=update,dc=test --remove users="uid=Administrator,cn=users,dc=update,dc=test"
Object modified: cn=test,cn=groups,dc=update,dc=test