Samba4 primaryGroupID problem
Matthias Dieter Wallnöfer
mdw at samba.org
Tue May 1 10:58:12 MDT 2012
Hi steve,
steve schrieb:
> Hi
> user steve2
> memberOf: cn=laser,cn=Users,dc=foo,dc=bar
> primaryGroupID: 513
>
>
> After setting primaryGroupID for steve2 to 'laser' by replacing the
> primaryGroupID 513 with that of 'laser', 1108 in this case, the
> memberOf attribute remains.
the "memberOf" attribute which refers to "CN=Domain Users,CN=Users,..."?
This is correct AD behaviour.
>
> Reverting steve2 to primaryGroupID 513 and then attempting to remove
> the group membership:
>
> samba-tool group removemembers laser steve2
> completes but the attribute remains.
>
> using ldbedit in an attempt to remove it gives:
> failed to modify CN=steve2,CN=Users,DC=polop,DC=site - LDAP error 53
> LDAP_UNWILLING_TO_PERFORM - <00002035: objectclass_attrs: attribute
> 'memberOf' on entry 'CN=steve2,CN=Users,DC=polop,DC=site' must not be
> modified directly, it is a linked attribute> <>
You cannot change "memberOf" directly, only the "member" attributes on
the group objects (in this case "cn=laser, cn=Users,...") are
writeable/deletable.
>
> Any ideas?
> Cheers,
> Steve
More information about the samba-technical
mailing list