1. udm computers/memberserver create \
     --position "cn=computers,$(ucr get ldap/base)" \
     --set name=xxx \
     --set domain="$(ucr get domainname)"
2. goto UMC → Computers → xxx → [Options]
3. Remove "Samba account"
4. "Save changes"

Notification
The LDAP object could not be saved: LDAP Error Object class violation: attribute 'sambaPrimaryGroupSID' not allowed

diff --git a/branches/ucs-3.2/ucs-3.2-0/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/memberserver.py b/branches/ucs-3.2/ucs-3.2-0/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/memberserver.py index 3cee015..d7a7f58 100644 --- a/branches/ucs-3.2/ucs-3.2-0/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/memberserver.py +++ b/branches/ucs-3.2/ucs-3.2-0/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/memberserver.py @@ -64,7 +64,6 @@ options={ ), 'samba': univention.admin.option( short_description=_('Samba account'), - editable=1, default=1 ) }
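Review bot: Removing `editable=1` from the 'samba' option only sidesteps the failing save for computers/memberserver; the thread reports the same error for computers/domaincontroller_backup and computers/linux, and this patch does not touch those handlers. It also leaves the cleanup in _ldap_modlist() as it is, so sambaPrimaryGroupSID is still missing from the list of attributes removed when 'samba' is deselected. Suggest either applying the same change to the other computer handlers or, preferably, adding sambaPrimaryGroupSID to that removal list so that deselecting the option works.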
Same for computers/domaincontroller_backup and computers/linux.
Strangely it works for one of my computers/memberserver.

# ldapsearch -xLLLo ldif-wrap=no -b cn=Subschema -s base objectClasses | grep --color sambaPrimaryGroupSID
objectClasses: ( 1.3.6.1.4.1.7165.2.2.6 NAME 'sambaSamAccount' DESC 'Samba 3.0 Auxilary SAM Account' SUP top AUXILIARY MUST ( uid $ sambaSID ) MAY ( cn $ sambaLMPassword $ sambaNTPassword $ sambaPwdLastSet $ sambaLogonTime $ sambaLogoffTime $ sambaKickoffTime $ sambaPwdCanChange $ sambaPwdMustChange $ sambaAcctFlags $ displayName $ sambaHomePath $ sambaHomeDrive $ sambaLogonScript $ sambaProfilePath $ description $ sambaUserWorkstations $ sambaPrimaryGroupSID $ sambaDomainName $ sambaMungedDial $ sambaBadPasswordCount $ sambaBadPasswordTime $ univentionSamba4SID $ sambaPasswordHistory $ sambaLogonHours ) )

This seems to be caused by "sambaPrimaryGroupSID" not being removed in _ldap_modlist() when option='samba' is deselected:
> if self.exists() and self.option_toggled('samba') and 'samba' not in self.options:
>     for key in [ 'sambaSID', 'sambaAcctFlags', 'sambaNTPassword', 'sambaLMPassword', 'sambaPwdLastSet', 'displayName' ]:
>         if self.oldattr.get(key, []):
>             ml.insert(0, (key, self.oldattr.get(key, []), ''))

BTW: "displayName" shouldn't be removed as it is allowed by other objectClasses as well:
# ldapsearch -xLLLo ldif-wrap=no -b cn=Subschema -s base objectClasses | grep displayName | grep --only "NAME '[^']*'"
NAME 'inetOrgPerson'
NAME 'sambaSamAccount'
NAME 'sambaGroupMapping'
NAME 'univentionUserTemplate'
NAME 'msGPOContainer'
NAME 'msPrintConnectionPolicy'

Maybe we should teach UDM to force-remove the attributes of the removed objectClasses, similar to _ldap_object_classes()?
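The force-removal idea raised in the comment above, as an added example (not UDM code and not part of the bug report): the attributes to delete are derived from the schema, so everything that only the removed objectClass allows is dropped, while attributes a remaining class still allows, such as displayName, are kept. The schema subset, the sample entry and all function names are constructed for illustration.

```python
import re
# Constructed, shortened objectClasses values in the format of the
# cn=Subschema output quoted above (attribute lists trimmed for the example).
SCHEMA = [
    "( 1.3.6.1.4.1.7165.2.2.6 NAME 'sambaSamAccount' SUP top AUXILIARY "
    "MUST ( uid $ sambaSID ) MAY ( cn $ sambaNTPassword $ sambaAcctFlags $ "
    "displayName $ sambaPrimaryGroupSID ) )",
    "( 2.5.6.6 NAME 'person' SUP top STRUCTURAL MUST ( sn $ cn ) MAY description )",
    "( 2.16.840.1.113730.3.2.2 NAME 'inetOrgPerson' SUP person STRUCTURAL "
    "MAY ( displayName $ mail $ uid ) )",
]
# Constructed entry; names and SIDs are placeholders, not real directory data.
OLD_ATTRS = {'cn': [b'xxx'], 'uid': [b'xxx$'], 'displayName': [b'xxx'],
             'sambaSID': [b'S-1-5-21-0-0-0-1000'], 'sambaAcctFlags': [b'[W]'],
             'sambaPrimaryGroupSID': [b'S-1-5-21-0-0-0-515']}
OLD_CLASSES = ['person', 'inetOrgPerson', 'sambaSamAccount']

def _names(match):
    """Split a '( a $ b )' or single-name token list into lower-cased names."""
    body = match.group(1) or match.group(2)
    return [n.strip().lower() for n in body.split('$') if n.strip()]

def parse_schema(definitions):
    """Map class name -> (superclass names, attributes from its MUST/MAY)."""
    classes = {}
    for d in definitions:
        name = re.search(r"NAME\s+'([^']+)'", d).group(1).lower()
        sup = re.search(r"\bSUP\s+(?:\(([^)]*)\)|(\S+))", d)
        attrs = set()
        for m in re.finditer(r"\b(?:MUST|MAY)\s+(?:\(([^)]*)\)|(\S+))", d):
            attrs.update(_names(m))
        classes[name] = (_names(sup) if sup else [], attrs)
    return classes

def allowed(classes, name, seen=()):
    """Attributes a class allows, including those inherited through SUP."""
    if name in seen or name not in classes:  # e.g. 'top' is not in the subset
        return set()
    sups, attrs = classes[name]
    return attrs.union(*(allowed(classes, s, (*seen, name)) for s in sups))

def removal_modlist(classes, old_attrs, old_classes, removed):
    """(attr, old_values, '') entries for attributes only `removed` allowed."""
    rest = [c.lower() for c in old_classes if c.lower() != removed.lower()]
    keep = set().union(*(allowed(classes, c) for c in rest))
    drop = allowed(classes, removed.lower()) - keep
    return [(k, v, '') for k, v in sorted(old_attrs.items())
            if v and k.lower() in drop]

if __name__ == '__main__':
    print(removal_modlist(parse_schema(SCHEMA), OLD_ATTRS, OLD_CLASSES, 'sambaSamAccount'))
```

The returned tuples use the same (key, old values, '') shape as the ml.insert() call quoted above, so sambaPrimaryGroupSID is covered without being listed by hand.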
Still happens with UCS 4.4.
This issue has been filed against UCS 4.4. UCS 4.4 is out of general maintenance and components may have vastly changed in later releases. Thus, this issue is now being closed. If this issue still occurs in newer versions, please use "Clone this bug" or reopen this issue. In this case please provide detailed information on how this issue is affecting you.