Univention Bugzilla – Bug 35515
Setting multiple account deactivation attributes at once yields cryptic LDAP error
Last modified: 2017-08-30 10:45:24 CEST
Setting "Account deactivation=all, Locked login methods=all, Account expiry date=value" all at once yields The LDAP object could not be saved: LDAP Error Constraint violation: attribute 'shadowExpire' cannot have multiple values Strangely, setting it one after another, it works. Have not tried every combination.
@Daniel: FYI: this was what happened to you.
Yes - good find. I did: # udm_obj["userexpiry"]="YYYY-MM-DD" # udm_obj.modify() # user.disabled="none" # user.modify() Where user is a ucsschool-lib mapped UDM object and udm_obj a normal users/user UDM object. The last modify probably found a difference between its cached udm instance and the one I changed and tried to set both userexpiry (back to '') and whatever "disabled" does.
Can't reproduce. Next time please add the command line output and the state of the objects. # udm users/user modify --dn uid=muestermann5,cn=schueler,cn=users,ou=oldschool,dc=school,dc=local --set locked=all --set disabled=all --set userexpiry=2017-08-04 Object modified: uid=muestermann5,cn=schueler,cn=users,ou=oldschool,dc=school,dc=local