smbldap-usermod -g in smbldap-tools 0.8.4

Jim McDonough jmcd at
Thu Mar 11 18:03:45 GMT 2004

I just want to make you aware that the "smbldap-usermod -g" function in
smbldap-tools 0.8.4 doesn't work as the "set primary group script", because
it changes the sambaPrimaryGroupSID attribute out from under samba, and in
3.0.2, at least, we do a conditional modify...which then fails because the
very attribute it's trying to set has been changed.

Basically, we do:
- ldapsearch for attributes (including sambaPrimaryGroupSID)
- call the set primary group script to set the _unix_ group
- ldapmodify (conditional: delete the value we received above, add the new

So, while it may be convenient from some places to figure out that setting
the gid means you should also change the primary group sid and do it
automatically, as the samba "set primary group script", it breaks us.

Jim McDonough
IBM Linux Technology Center
Samba Team
6 Minuteman Drive
Scarborough, ME 04074

jmcd at
jmcd at

Phone: (207) 885-5565
IBM tie-line: 776-9984

More information about the samba-technical mailing list