Index: univention-directory-manager-modules/modules/univention/admin/uexceptions.py =================================================================== --- univention-directory-manager-modules/modules/univention/admin/uexceptions.py (Revision 45574) +++ univention-directory-manager-modules/modules/univention/admin/uexceptions.py (Arbeitskopie) @@ -109,9 +109,9 @@ class adGroupTypeChangeGlobalToUniversal(base): message = _('The AD group type can not be changed from global to universal, because the group is member of another global group.') class adGroupTypeChangeDomainLocalToUniversal(base): - message = _("The AD group type can not be changed from domain local to universal, because the group is member of another domain local group.") + message = _("The AD group type can not be changed from domain local to universal, because the group has at least one domain local group as member.") class adGroupTypeChangeUniversalToGlobal(base): - message = _("The AD group type can not be changed from universal to global, because the group is member of another universal group.") + message = _("The AD group type can not be changed from universal to global, because the group has at least obe universal group as member.") class adGroupTypeChangeGlobalToDomainLocal(base): message = _("The AD group type can not be changed from global to domain local.") Index: univention-directory-manager-modules/modules/univention/admin/handlers/groups/group.py =================================================================== --- univention-directory-manager-modules/modules/univention/admin/handlers/groups/group.py (Revision 45574) +++ univention-directory-manager-modules/modules/univention/admin/handlers/groups/group.py (Arbeitskopie) @@ -947,7 +947,7 @@ except ValueError: return False - def _has_another_global_member(self): + def _is_member_of_global_group(self): searchResult = self.lo.search(base=self.position.getDomain(), filter='(uniqueMember=%s)' % self.dn, attr=['univentionGroupType']) for (dn,attr) in searchResult: groupType = attr.get('univentionGroupType', [None])[0] @@ -955,20 +955,30 @@ return True return False - def _has_another_domain_local_member(self): - searchResult = self.lo.search(base=self.position.getDomain(), filter='(uniqueMember=%s)' % self.dn, attr=['univentionGroupType']) - for (dn,attr) in searchResult: - groupType = attr.get('univentionGroupType', [None])[0] - if self.__is_groupType_domain_local(groupType): - return True + def _has_domain_local_member(self): + for member_dn in self.oldattr.get('uniqueMember'): + searchResult = self.lo.search(base=member_dn, attr=['univentionGroupType']) + if searchResult: + (dn, attr) = searchResult + groupType = attr.get('univentionGroupType', [None])[0] + if self.__is_groupType_domain_local(groupType): + return True + else: + univention.debug.debug(univention.debug.ADMIN, univention.debug.ERROR, 'groups/group: uniqueMember %s not found during groupType check' % (member_dn,)) + raise univention.admin.uexceptions.invalidChild return False - def _has_another_universal_member(self): - searchResult = self.lo.search(base=self.position.getDomain(), filter='(uniqueMember=%s)' % self.dn, attr=['univentionGroupType']) - for (dn,attr) in searchResult: - groupType = attr.get('univentionGroupType', [None])[0] - if self.__is_groupType_universal(groupType): - return True + def _has_universal_member(self): + for member_dn in self.oldattr.get('uniqueMember'): + searchResult = self.lo.search(base=member_dn, attr=['univentionGroupType']) + if searchResult: + (dn, attr) = searchResult + groupType = attr.get('univentionGroupType', [None])[0] + if self.__is_groupType_universal(groupType): + return True + else: + univention.debug.debug(univention.debug.ADMIN, univention.debug.ERROR, 'groups/group: uniqueMember %s not found during groupType check' % (member_dn,)) + raise univention.admin.uexceptions.invalidChild return False def check_ad_group_type_change(self): @@ -1001,19 +1011,19 @@ # Global to universal: # This conversion is allowed only if the group that you want to change is not a member of # another global scope group. - if self._has_another_global_member(): + if self._is_member_of_global_group(): raise univention.admin.uexceptions.adGroupTypeChangeGlobalToUniversal elif self.__is_groupType_domain_local(old_groupType) and self.__is_groupType_universal(new_groupType): # Domain local to universal: # This conversion is allowed only if the group that you want to change does not have # another domain local group as a member. - if self._has_another_domain_local_member(): + if self._has_domain_local_member(): raise univention.admin.uexceptions.adGroupTypeChangeDomainLocalToUniversal elif self.__is_groupType_universal(old_groupType) and self.__is_groupType_global(new_groupType): # Universal to global: # This conversion is allowed only if the group that you want to change does not have # another universal group as a member. - if self._has_another_universal_member(): + if self._has_universal_member(): raise univention.admin.uexceptions.adGroupTypeChangeUniversalToGlobal def __generate_group_sid(self, gidNum):