cannot change primaryGroupID LDAP error 53

David Mansfield samba at
Wed Apr 17 15:43:40 MDT 2013

On 04/17/2013 04:48 PM, steve wrote:
> Version 4.0.6-GIT-4bebda4
> Hi
> When trying to change the primaryGroupID for a user using either 
> ldbmodify or ldbedit:
> failed to modify CN=dummy,CN=Users,DC=hh3,DC=site - LDAP error 53 
> LDAP_UNWILLING_TO_PERFORM -  <error in module samldb: Unwilling to 
> perform (53)> <>
> The last time I needed to do it was in alpha 18 when it worked OK.
> Any ideas?
> Cheers,
> Steve

I hit this too as I recall, and I'm doing the same as you (trying to use 
a samba4 DC for a bunch of linux machines).  I based my perl scripts on 
many of your old examples (thanks by the way!).

I think the cause/fix was:

A user is not a "member" of the primary group (same applies to 
"memberOf"), but must be a "member" of all secondary groups, so 
logically, if you want to change the primary group, you must manage the 
"member" and "memberOf" attributes.  However, you should not do this, 
because it will happen automatically.

Ensure the user is a member of the soon-to-be primary group, then modify 

dn: $userDn
changetype: modify
replace: primarygroupid
primarygroupid: $newPrimaryGroupId

(and of course, $newPrimaryGroupId is the RID of the group)

and you'll see the "member" was updated automatically.

Hope this helps,
David Mansfield
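
The procedure in the reply above, as an added example that is not part of the original post or of Samba: it decodes a group's binary objectSid, takes the RID (the last sub-authority), and builds the LDIF that first adds the user to the group if needed and then replaces primaryGroupID. The function names, the sample SID and the group DN are constructed for illustration; DNs are assumed to be plain ASCII that needs no LDIF base64 encoding.

```python
import struct

# Constructed sample: binary objectSid of a hypothetical group with RID 1105.
SAMPLE_GROUP_SID_RAW = bytes([1, 5]) + (5).to_bytes(6, "big") + struct.pack(
    "<5I", 21, 1111111111, 2222222222, 3333333333, 1105)

def sid_to_str(raw: bytes) -> str:
    """Decode a binary objectSid into its S-1-... string form."""
    if len(raw) < 8:
        raise ValueError("objectSid too short")
    revision, count = raw[0], raw[1]
    if len(raw) != 8 + 4 * count:
        raise ValueError("objectSid length does not match sub-authority count")
    authority = int.from_bytes(raw[2:8], "big")    # 48-bit, big-endian
    subs = struct.unpack("<%dI" % count, raw[8:])  # 32-bit each, little-endian
    return "S-%d-%d" % (revision, authority) + "".join("-%d" % s for s in subs)

def rid_of(sid: str) -> int:
    """The RID is the last sub-authority of the SID."""
    return int(sid.rsplit("-", 1)[1])

def primary_group_ldif(user_dn, user_sid, group_dn, group_sid, group_members):
    """Return LDIF that makes group_dn the primary group of user_dn.

    group_members is the group's current 'member' values. Membership is
    added first when missing, because the primaryGroupID change is refused
    otherwise (the LDAP error 53 in this thread).
    """
    # primaryGroupID holds only a RID, so the group must share the user's
    # domain SID prefix.
    if user_sid.rsplit("-", 1)[0] != group_sid.rsplit("-", 1)[0]:
        raise ValueError("user and group are not in the same domain")
    records = []
    # Simplified DN comparison: case-insensitive string match only.
    if user_dn.lower() not in (m.lower() for m in group_members):
        records.append(f"dn: {group_dn}\nchangetype: modify\n"
                       f"add: member\nmember: {user_dn}\n")
    records.append(f"dn: {user_dn}\nchangetype: modify\n"
                   f"replace: primaryGroupID\n"
                   f"primaryGroupID: {rid_of(group_sid)}\n")
    return "\n".join(records)

if __name__ == "__main__":
    gsid = sid_to_str(SAMPLE_GROUP_SID_RAW)
    print(primary_group_ldif(
        "CN=dummy,CN=Users,DC=hh3,DC=site", gsid.rsplit("-", 1)[0] + "-1104",
        "CN=linuxusers,CN=Users,DC=hh3,DC=site", gsid, []))
```

The printed LDIF can be reviewed and then fed to ldbmodify; the old primary group's "member" value is left to the server, as the reply describes.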
