Univention Bugzilla – Bug 54503
[5.x] Group Membership could not be updated caused by mismatching upper/lower case in memberUid
Last modified: 2023-08-02 12:36:16 CEST
We should also fix this in UCS 5. I guess to fix this we should mane memberUid case insensitive in the LDAP schema. If we do that, we will need to reindex the attribute, so I propose to do that in UCS 5.1 (Or maybe 5.0-2 ?). +++ This bug was initially created as a clone of Bug #54183 +++ Now seen this in a customer environment with 4.4-8 01.12.2021 06:25:09.593 LDAP (PROCESS): sync to ucs: Resync rejected dn: CN=Remoteuser,OU=Standard,OU=Gruppen,OU=SUB,DC=schein,DC=me 01.12.2021 06:25:09.673 LDAP (PROCESS): sync to ucs: [ group] [ modify] cn=remoteuser,ou=standard,ou=gruppen,ou=sub,dc=schein,dc=me 01.12.2021 06:25:10.925 LDAP (ERROR ): Unknown Exception during sync_to_ucs 01.12.2021 06:25:11.017 LDAP (ERROR ): Traceback (most recent call last): File "/usr/lib/python2.7/dist-packages/univention/connector/__init__.py", line 1374, in sync_to_ucs f(self, property_type, object) File "/usr/lib/python2.7/dist-packages/univention/connector/ad/__init__.py", line 187, in group_members_sync_to_ucs return connector.group_members_sync_to_ucs(key, object) File "/usr/lib/python2.7/dist-packages/univention/connector/ad/__init__.py", line 2189, in group_members_sync_to_ucs ucs_admin_object.fast_member_remove(uniqueMember_del, memberUid_del, ignore_license=1) File "/usr/lib/python2.7/dist-packages/univention/admin/handlers/groups/group.py", line 418, in fast_member_remove return self.lo.modify(self.dn, ml, ignore_license=ignore_license) File "/usr/lib/python2.7/dist-packages/univention/admin/uldap.py", line 902, in modify raise univention.admin.uexceptions.ldapError(_err2str(msg), original_exception=msg) ldapError: No such attribute: modify/delete: memberUid: no such value 01.12.2021 15:42:56.528 LDAP (INFO ): group_members_sync_to_ucs: members to del: {'group': [], 'user': ['uid=cm,cn=users,dc=sch-ein,dc=me'], 'windowscomputer': []} A group member could not be deleted, because memberUid: CM instead of cm +++ This bug was initially created as a clone of Bug #25838 +++ Bei folgender Gruppe # test, groups, update.test dn: cn=test,cn=groups,dc=update,dc=test sambaGroupType: 2 cn: test objectClass: top objectClass: posixGroup objectClass: univentionGroup objectClass: sambaGroupMapping objectClass: univentionObject univentionObjectType: groups/group gidNumber: 5014 sambaSID: S-1-5-21-2796199546-1396784971-2706387774-11029 uniqueMember: uid=Administrator,cn=users,dc=update,dc=test memberUid: administrator kann der Administrator nicht gelöscht werden, da administrator im Attribute memberUid kleingeschrieben wird. root@master:~# udm groups/group modify --dn cn=test,cn=groups,dc=update,dc=test --remove users="uid=Administrator,cn=users,dc=update,dc=test" Traceback (most recent call last): File "/usr/share/univention-directory-manager-tools/univention-cli-server", line 233, in doit output = univention.admincli.admin.doit(arglist) File "/usr/lib/pymodules/python2.6/univention/admincli/admin.py", line 939, in doit dn=object.modify() File "/usr/lib/pymodules/python2.6/univention/admin/handlers/__init__.py", line 344, in modify return self._modify(modify_childs,ignore_license=ignore_license) File "/usr/lib/pymodules/python2.6/univention/admin/handlers/__init__.py", line 863, in _modify self.lo.modify(self.dn, ml, ignore_license=ignore_license) File "/usr/lib/pymodules/python2.6/univention/admin/uldap.py", line 385, in modify raise univention.admin.uexceptions.ldapError, _err2str(msg) ldapError: No such attribute: modify/delete: memberUid: no such value Ändert man administrator in Administrator funktioniert es wieder: root@master:~# udm groups/group modify --dn cn=test,cn=groups,dc=update,dc=test --remove users="uid=Administrator,cn=users,dc=update,dc=test" Object modified: cn=test,cn=groups,dc=update,dc=test
Happened again : UCS 5.0-4 errata750
*** This bug has been marked as a duplicate of bug 54183 ***