Univention Bugzilla – Bug 32836
Samba-Option not removable for various computer/ types
Last modified: 2019-03-14 18:06:16 CET
1. udm computers/memberserver create \
     --position "cn=computers,$(ucr get ldap/base)" \
     --set name=xxx \
     --set domain="$(ucr get domainname)"
2. goto UMC → Computers → xxx → [Options]
3. Remove "Samba account"
4. "Save changes"

Notification
The LDAP object could not be saved: LDAP Error Object class violation: attribute 'sambaPrimaryGroupSID' not allowed

diff --git a/branches/ucs-3.2/ucs-3.2-0/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/memberserver.py b/branches/ucs-3.2/ucs-3.2-0/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/memberserver.py index 3cee015..d7a7f58 100644 --- a/branches/ucs-3.2/ucs-3.2-0/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/memberserver.py +++ b/branches/ucs-3.2/ucs-3.2-0/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/memberserver.py @@ -64,7 +64,6 @@ options={ ), 'samba': univention.admin.option( short_description=_('Samba account'), - editable=1, default=1 ) }
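Review bot: removing `editable=1` from the 'samba' option only changes computers/memberserver.py, while the report says the same error occurs for computers/domaincontroller_backup and computers/linux, so those handlers would still offer the failing toggle. The change also appears to sidestep the error by no longer letting the option be changed, rather than making removal work: nothing in this hunk touches the 'sambaPrimaryGroupSID' attribute named in the error message. Consider fixing the attribute cleanup that runs when the option is deselected and keeping the option editable, or at least applying the same change to every affected handler.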
Same for computers/domaincontroller_backup and computers/linux. Strangely it works for one of my computers/memberserver.

# ldapsearch -xLLLo ldif-wrap=no -b cn=Subschema -s base objectClasses | grep --color sambaPrimaryGroupSID
objectClasses: ( 1.3.6.1.4.1.7165.2.2.6 NAME 'sambaSamAccount' DESC 'Samba 3.0 Auxilary SAM Account' SUP top AUXILIARY MUST ( uid $ sambaSID ) MAY ( cn $ sambaLMPassword $ sambaNTPassword $ sambaPwdLastSet $ sambaLogonTime $ sambaLogoffTime $ sambaKickoffTime $ sambaPwdCanChange $ sambaPwdMustChange $ sambaAcctFlags $ displayName $ sambaHomePath $ sambaHomeDrive $ sambaLogonScript $ sambaProfilePath $ description $ sambaUserWorkstations $ sambaPrimaryGroupSID $ sambaDomainName $ sambaMungedDial $ sambaBadPasswordCount $ sambaBadPasswordTime $ univentionSamba4SID $ sambaPasswordHistory $ sambaLogonHours ) )

This seems to be caused by "sambaPrimaryGroupSID" not being removed in _ldap_modlist() when option='samba' is deselected:

> if self.exists() and self.option_toggled('samba') and 'samba' not in self.options:
>     for key in [ 'sambaSID', 'sambaAcctFlags', 'sambaNTPassword', 'sambaLMPassword', 'sambaPwdLastSet', 'displayName' ]:
>         if self.oldattr.get(key, []):
>             ml.insert(0, (key, self.oldattr.get(key, []), ''))

BTW: "displayName" shouldn't be removed as it is allowed by other objectClasses as well:

# ldapsearch -xLLLo ldif-wrap=no -b cn=Subschema -s base objectClasses | grep displayName | grep --only "NAME '[^']*'"
NAME 'inetOrgPerson'
NAME 'sambaSamAccount'
NAME 'sambaGroupMapping'
NAME 'univentionUserTemplate'
NAME 'msGPOContainer'
NAME 'msPrintConnectionPolicy'

Maybe we should teach UDM to force-remove the attributes of the removed objectClasses, similar to _ldap_object_classes() ?
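A sketch of the schema-driven cleanup suggested in the comment above, as an added example that is not UDM code: it drops only the attributes that the removed objectClass permits and no remaining class does, so sambaPrimaryGroupSID goes while displayName stays whenever another class still allows it. The helpers `load_schema`, `allowed` and `removal_modlist` are hypothetical, and the schema lines and attribute values are constructed and abbreviated.

```python
import re

# Constructed, abbreviated objectClasses values in the form ldapsearch prints them.
SCHEMA_LINES = [
    "( 2.5.6.6 NAME 'person' SUP top STRUCTURAL MUST ( sn $ cn ) MAY ( description ) )",
    "( 2.5.6.7 NAME 'organizationalPerson' SUP person STRUCTURAL MAY ( title ) )",
    "( 2.16.840.1.113730.3.2.2 NAME 'inetOrgPerson' SUP organizationalPerson "
    "STRUCTURAL MAY ( displayName $ mail $ uid ) )",
    "( 1.3.6.1.4.1.7165.2.2.6 NAME 'sambaSamAccount' DESC 'Samba 3.0 SAM Account' "
    "SUP top AUXILIARY MUST ( uid $ sambaSID ) MAY ( cn $ sambaNTPassword $ "
    "sambaAcctFlags $ displayName $ description $ sambaPrimaryGroupSID ) )",
]

def load_schema(lines):
    """Map lower-cased class name -> {'sup': set, 'attrs': set} (single NAME only)."""
    schema = {}
    for line in lines:
        line = re.sub(r"DESC\s+'[^']*'", "", line)  # DESC text may contain keywords
        def names(keyword):
            m = re.search(r"\b" + keyword + r"\s+(?:\(([^)]*)\)|([\w.-]+))", line)
            raw = (m.group(1) or m.group(2) or "") if m else ""
            return {a.strip().lower() for a in raw.split("$") if a.strip()}
        name = re.search(r"NAME\s+'([^']+)'", line).group(1).lower()
        schema[name] = {"sup": names("SUP"), "attrs": names("MUST") | names("MAY")}
    return schema

def allowed(oc, schema, seen=None):
    """All attributes a class permits, including those inherited through SUP."""
    seen = set() if seen is None else seen
    oc = oc.lower()
    if oc in seen or oc not in schema:
        return set()
    seen.add(oc)
    attrs = set(schema[oc]["attrs"])
    for sup in schema[oc]["sup"]:
        attrs |= allowed(sup, schema, seen)
    return attrs

def removal_modlist(removed_oc, remaining_ocs, schema, oldattr):
    """(key, old, '') entries for attributes only the removed class permits."""
    keep = set().union(*(allowed(oc, schema) for oc in remaining_ocs))
    drop = allowed(removed_oc, schema) - keep
    return [(k, v, "") for k, v in sorted(oldattr.items()) if v and k.lower() in drop]

if __name__ == "__main__":
    old = {"cn": ["xxx"], "displayName": ["xxx"],  # constructed values
           "sambaSID": ["S-1-5-21-1-2-3-1104"], "sambaPrimaryGroupSID": ["S-1-5-21-1-2-3-515"]}
    for entry in removal_modlist("sambaSamAccount", ["inetOrgPerson"], load_schema(SCHEMA_LINES), old):
        print(entry)
```

Attribute names are compared case-insensitively, and a superior class missing from the loaded schema (here `top`) contributes no attributes.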
Still happens with UCS 4.4.