Univention Bugzilla – Bug 54297
memberUid is missing after updating group users with the same uid
Last modified: 2022-02-24 10:18:15 CET
The customer has the Cool Solution user-group-sync at work which synchronizes two domains via serializing users & groups from the source system and modifying them via UDM at the destination system. If a user is moved his uid remains the same, but the DN changes. While updating its groups, the uniqueMember is updated, but the memberUid value is missing afterwards. The same can be achieved by changing the DN of a user currently in a group: $ udm groups/group create --position cn=groups,dc=test,dc=de --set name=testgroup --set users=uid=testuser,cn=users,dc=test,dc=de Object created: cn=testgroup,cn=groups,dc=test,dc=de $ univention-ldapsearch -LLL cn=testgroup uniqueMember memberUid dn: cn=testgroup,cn=groups,dc=test,dc=de memberUid: testuser uniqueMember: uid=testuser,cn=users,dc=local,dc=test,dc=de $ udm groups/group modify --dn cn=testgroup,cn=groups,dc=test,dc=de --set users=uid=testuser,cn=Employees,cn=users,dc=test,dc=de $ univention-ldapsearch -LLL cn=testgroup uniqueMember memberUid dn: cn=testgroup,cn=groups,dc=test,dc=de uniqueMember: uid=testuser,cn=Employees,cn=users,dc=local,dc=test,dc=de Therefore the memberUid should remain untouched instead of being removed.
UCS greater than https://errata.software-univention.de/#/?erratum=4.4x1128 ?
No - The bug was reported 5 months ago, but after reviewing the code yesterday with Julia & Dirk I am tempted to say that this never worked correctly.
Issue: https://git.knut.univention.de/univention/non-product-issues/-/issues/55 MR: https://git.knut.univention.de/univention/ucs/-/merge_requests/257
Solved and validate that work as expected, for udm `groups/group` operations in objects with same uid and different DN: f41a4d712a Bug #54297: update YAML for univention-directory-manager-modules 85390049cc Bug #54297: ucs test validation for uniquemember modification attribute 0a1d3a0ef2 Bug #54297: memberUid attribute missing when update uniquemember on LDAP group
OK: Setting users to groups with the same uid, but different dns works OK: Memberuid attribute still exists OK: Test OK: Jenkins-Test OK: Yaml Verified
<https://errata.software-univention.de/#/?erratum=5.0x222>