cannot change primaryGroupID LDAP error 53 [solved]
steve at steve-ss.com
Thu Apr 18 01:08:28 MDT 2013
On 04/17/2013 11:43 PM, David Mansfield wrote:
> On 04/17/2013 04:48 PM, steve wrote:
>> Version 4.0.6-GIT-4bebda4
>> When trying to change the primaryGroupID for a user using either
>> ldbmodify or ldbedit:
>> failed to modify CN=dummy,CN=Users,DC=hh3,DC=site - LDAP error 53
>> LDAP_UNWILLING_TO_PERFORM - <error in module samldb: Unwilling to
>> perform (53)> <>
>> The last time I needed to do it was in alpha 18 when it worked OK.
>> Any ideas?
> I hit this too as I recall, and I'm doing the same as you (trying to
> use a samba4 DC for a bunch of linux machines). I based my perl
> scripts on many of your old examples (thanks by the way!).
> I think the cause/fix was:
> A user is not a "member" of the primary group (same applies to
> "memberOf"), but must be a "member" of all secondary groups, so
> logically, if you want to change the primary group, you must manage
> the "member" and "memberOf" attributes. However, you should not do
> this, because it will happen automatically.
> Ensure the user is a member of the soon-to-be primary group, then
> modify with:
> dn: $userDn
> changetype: modify
> replace: primarygroupid
> primarygroupid: $newPrimaryGroupId
> (and of course, $newPrimaryGroupId is the RID of the group)
> and you'll see the "member" was updated automatically.
> Hope this helps,
> David Mansfield
Thanks, that's better. The user has to be a member before you set
primary. Also, you have to run dbcheck --fix all all afterwards.
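
The ordering rule from this thread (membership first, then primaryGroupID set to the group's RID), as an added example that is not part of the original messages. The function names, the SID and the member list are constructed for illustration, and the group's objectSid and member values are assumed to have been read beforehand (for example with ldbsearch).

```shell
#!/bin/sh
# Added example: emit the primaryGroupID LDIF only when the user is already
# a member of the target group, the precondition reported in this thread.

# rid_from_sid SID -> prints the last sub-authority of the SID (the RID)
rid_from_sid() {
    case "$1" in
        S-1-*-*) ;;
        *) echo "not a SID: $1" >&2; return 1 ;;
    esac
    rid=${1##*-}
    case "$rid" in
        ''|*[!0-9]*) echo "bad RID in SID: $1" >&2; return 1 ;;
    esac
    printf '%s\n' "$rid"
}

# is_member USER_DN MEMBERS -> 0 if USER_DN is in the newline-separated list
# (compared case-insensitively)
is_member() {
    want=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    printf '%s\n' "$2" | tr '[:upper:]' '[:lower:]' | grep -Fxq -- "$want"
}

# primary_group_ldif USER_DN GROUP_SID MEMBERS
# returns 1 on a malformed SID, 2 when the user is not yet a member
primary_group_ldif() {
    user_dn=$1; group_sid=$2; members=$3
    new_rid=$(rid_from_sid "$group_sid") || return 1
    if ! is_member "$user_dn" "$members"; then
        echo "refusing: $user_dn is not a member of the target group" >&2
        return 2
    fi
    printf 'dn: %s\nchangetype: modify\nreplace: primaryGroupID\nprimaryGroupID: %s\n' \
        "$user_dn" "$new_rid"
}

# Constructed sample input: group SID and current "member" values of the group
SAMPLE_SID='S-1-5-21-1111111111-2222222222-3333333333-1105'
SAMPLE_MEMBERS='CN=alice,CN=Users,DC=hh3,DC=site
CN=dummy,CN=Users,DC=hh3,DC=site'

# Prints the LDIF; its output is what would be passed to ldbmodify
primary_group_ldif 'CN=dummy,CN=Users,DC=hh3,DC=site' "$SAMPLE_SID" "$SAMPLE_MEMBERS"
```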