Samba4 primaryGroupID problem

steve steve at steve-ss.com
Tue May 1 12:53:23 MDT 2012


On 05/01/2012 08:40 PM, steve wrote:
> On 05/01/2012 06:58 PM, Matthias Dieter Wallnöfer wrote:
>> Hi steve,
>>
>> steve schrieb:
>>> Hi
>>> user steve2
>>> memberOf: cn=laser,cn=Users,dc=foo,dc=bar
>>> primaryGroupID: 513
>>>
>>>
>>> After setting primaryGroupID for steve2 to 'laser' by replacing the 
>>> primaryGroupID 513 with that of 'laser', 1108 in this case, the 
>>> memberOf attribute remains.
>> the "memberOf" attribute which refers to "CN=Domain 
>> Users,CN=Users,..."? This is correct AD behaviour.
>>>
>>> Reverting steve2 to primaryGroupID 513 and then attempting to remove 
>>> the group membership:
>>>
>>> samba-tool group removemembers laser steve2
>>> completes but the attribute remains.
>>>
>>> using ldbedit in an attempt to remove it gives:
>>> failed to modify CN=steve2,CN=Users,DC=polop,DC=site - LDAP error 53 
>>> LDAP_UNWILLING_TO_PERFORM - <00002035: objectclass_attrs: attribute 
>>> 'memberOf' on entry 'CN=steve2,CN=Users,DC=polop,DC=site' must not 
>>> be modified directly, it is a linked attribute> <>
>> You cannot change "memberOf" directly, only the "member" attributes 
>> on the group objects (in this case "cn=laser, cn=Users,...") are 
>> writeable/deletable.
>>>
>>> Any ideas?
>>> Cheers,
>>> Steve
> steve2 begins life as a member of Domain Users (513). He is a member 
> by primaryGroupID. He does not have a member attribute in Domain Users.
>
> I add steve2 to laser:
> samba-tool group addmembers laser steve2
>
> steve2 now has a memberOf attribute under dn:steve2 and there is also 
> a member attribute under dn: laser
>
> I now change the primaryGroupID of steve2 to laser (1108). The 
> memberOf attribute should be removed as steve2 is now a member of 
> laser via primaryGroupID, not by memberOf. However, the attribute 
> remains and I have to run:
>
> samba-tool dbcheck --fix
> to correct it.
>
> Cheers,
> Steve
Hi again,

Further:
If I set steve2 back to primayGroupID Domain Users (513) and then run
  samba-tool group removemembers laser steve2

it does not delete the entry even though it completes without error.
Cheers,
Steve


More information about the samba-technical mailing list