First Last Prev Next    This bug is not in your last search results.
Bug 32836 - Samba-Option not removable for various computer/ types
Samba-Option not removable for various computer/ types
Status: NEW
Product: UCS
Classification: Unclassified
Component: UMC - Computers
UCS 4.4
Other Linux
: P5 normal (vote)
: UCS 3.x
Assigned To: UMC maintainers
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2013-10-10 10:07 CEST by Philipp Hahn
Modified: 2019-03-14 18:06 CET (History)
2 users (show)

See Also:
What kind of report is it?: Bug Report
What type of bug is this?: 2: Improvement: Would be a product improvement
Who will be affected by this bug?: 1: Will affect a very few installed domains
How will those affected feel about the bug?: 2: A Pain – users won’t like this once they notice it
User Pain: 0.023
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional): Usability
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Philipp Hahn univentionstaff 2013-10-10 10:07:51 CEST 
1. udm computers/memberserver create \
 --position "cn=computers,$(ucr get ldap/base)" \
 --set name=xxx \
 --set domain="$(ucr get domainname)"
2. goto UMC → Computers → xxx → [Options]
3. Remove "Samba account"
4. "Save changes"

Notification
The LDAP object could not be saved: LDAP Error Object class violation: attribute 'sambaPrimaryGroupSID' not allowed

diff --git a/branches/ucs-3.2/ucs-3.2-0/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/memberserver.py b/branches/ucs-3.2/ucs-3.2-0/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/memberserver.py
index 3cee015..d7a7f58 100644
--- a/branches/ucs-3.2/ucs-3.2-0/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/memberserver.py
+++ b/branches/ucs-3.2/ucs-3.2-0/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/memberserver.py
@@ -64,7 +64,6 @@ options={
 		),
 	'samba': univention.admin.option(
 			short_description=_('Samba account'),
-			editable=1,
 			default=1
 		)
 }
Comment 1 Philipp Hahn univentionstaff 2016-06-29 21:04:24 CEST 
Same for computers/domaincontroller_backup and computers/linux.
Strangely it works for one of my computers/memberserver.


# ldapsearch -xLLLo ldif-wrap=no -b cn=Subschema -s base objectClasses | grep --color sambaPrimaryGroupSID
objectClasses: ( 1.3.6.1.4.1.7165.2.2.6 NAME 'sambaSamAccount' DESC 'Samba 3.0 Auxilary SAM Account' SUP top AUXILIARY MUST ( uid $ sambaSID ) MAY ( cn $ sambaLMPassword $ sambaNTPassword $ sambaPwdLastSet $ sambaLogonTime $ sambaLogoffTime $ sambaKickoffTime $ sambaPwdCanChange $ sambaPwdMustChange $ sambaAcctFlags $ displayName $ sambaHomePath $ sambaHomeDrive $ sambaLogonScript $ sambaProfilePath $ description $ sambaUserWorkstations $ sambaPrimaryGroupSID $ sambaDomainName $ sambaMungedDial $ sambaBadPasswordCount $ sambaBadPasswordTime $ univentionSamba4SID $ sambaPasswordHistory $ sambaLogonHours ) )

This seems to be caused by "sambaPrimaryGroupSID" not being removed in _ldap_modlist() when option='samba' is deselected:
>	if self.exists() and self.option_toggled('samba') and 'samba' not in self.options:
>		for key in [ 'sambaSID', 'sambaAcctFlags', 'sambaNTPassword', 'sambaLMPassword', 'sambaPwdLastSet', 'displayName' ]:
>			if self.oldattr.get(key, []):
>				ml.insert(0, (key, self.oldattr.get(key, []), ''))

BTW: "displayName" shouldn't be removed as it is allowed by other objectClasses as well:
 # ldapsearch -xLLLo ldif-wrap=no -b cn=Subschema -s base objectClasses | grep displayName | grep --only "NAME '[^']*'"
 NAME 'inetOrgPerson'
 NAME 'sambaSamAccount'
 NAME 'sambaGroupMapping'
 NAME 'univentionUserTemplate'
 NAME 'msGPOContainer'
 NAME 'msPrintConnectionPolicy'

Maybe we should teach UDM to force-remove the attributes of the removed objectClasses, similar to _ldap_object_classes() ?
Comment 2 Florian Best univentionstaff 2019-03-14 18:06:16 CET 
Still happens with UCS 4.4.
First Last Prev Next    This bug is not in your last search results.