Bug 51771 - make "uniqueMember" optional for primary group
make "uniqueMember" optional for primary group
Status: NEW
Product: UCS
Classification: Unclassified
Component: UDM (Generic)
UCS 5.0
Other Linux
: P5 enhancement (vote)
: ---
Assigned To: UMC maintainers
UMC maintainers
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2020-08-05 10:40 CEST by Ingo Steuwer
Modified: 2022-10-14 16:14 CEST (History)
1 user (show)

See Also:
What kind of report is it?: Feature Request
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional): API change
Max CVSS v3 score:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Ingo Steuwer univentionstaff 2020-08-05 10:40:56 CEST
In POSIX environments, the primary group is only assigned as gidNumber to an user. In UCS, we store this group membership also as "uniqueMember".

In larger enviroments the default primary group "Domain Admins" is getting very big and changes are slow, for example because OpenLDAP has to do complex index updates.

We should check if we can introduce a configuration option to deactivate the maintenance of "uniqueMember" for primary groups in UDM.

Some things are going to "break", examples:

* sending Mails to an address assigned to the primary group
* AD and S4 connector might fail
* LDAP ACLs won't work if based on this group
Comment 1 Florian Best univentionstaff 2022-10-14 16:10:50 CEST
There is already a UCR variable for that: directory/manager/user/primarygroup/update=false.