Problem: Ldap-Fehler: Type or value exists: memberUid: value provided more than once

Problem:

Changing the uid shows the following LDAP error:

The LDAP object could not be saved: LDAP-Fehler: Type or value exists: memberUid: value #40379 provided more than once.

Solution:

The error is probably caused by a duplicate uniqueMember entry in the Domain Users group, probably arising when a user is in two different positions. The error message therefore has nothing to do with the modified users, but with an already existing “error”/inconsistency.
The background is that the memberUid attribute, just like the uid itself, is checked to ensure that it is unique. No such check exists for uniqueMember.

You can use these tools to check and fix groups:

/usr/share/univention-directory-manager-tools/proof_uniqueMembers
/usr/share/univention-directory-manager-tools/univention-sync-memberuid
# /usr/share/univention-directory-manager-tools/univention-sync-memberuid --help
usage: univention-sync-memberuid [-h] [-t] [-d DEBUG] [-c] [-g GROUPS]
                                 [-x EXCLUDE]

optional arguments:
  -h, --help            show this help message and exit
  -t, --test            just test the modification
  -d DEBUG              set debug level
  -c, --continue        continue on error
  -g GROUPS, --groups GROUPS
                        Only process the specified group
  -x EXCLUDE, --exclude EXCLUDE
                        Exclude the specified group
# /usr/share/univention-directory-manager-tools/proof_uniqueMembers --help
usage: proof_uniqueMembers [-h] [-b BASEDN] [-c]

Check if users are member of their primary group.

optional arguments:
  -h, --help            show this help message and exit
  -b BASEDN, --base-dn BASEDN
                        ldap base DN for user search
  -c, --check           Only check, do not modify
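
To see the inconsistency described in the Solution before running the tools, the following added example (not part of the original article and not Univention code) scans a group's LDIF for uniqueMember DNs at different positions that resolve to the same uid. The sample LDIF, the dc=example,dc=org base, and the function names are constructed for illustration, and it assumes user DNs use a uid=<name> RDN without escaped commas.

```python
import base64
from collections import defaultdict

# Constructed sample: LDIF of one group as an LDAP search would print it.
# "alice" is listed at two positions; one value is folded, one is base64.
_CAROL = base64.b64encode(b"uid=carol,cn=users,dc=example,dc=org").decode()
SAMPLE_LDIF = (
    "dn: cn=Domain Users,cn=groups,dc=example,dc=org\n"
    "uniqueMember: uid=alice,cn=users,dc=example,dc=org\n"
    "uniqueMember: uid=bob,cn=users,dc=example,dc=org\n"
    "uniqueMember: uid=alice,ou=staff,\n dc=example,dc=org\n"
    f"uniqueMember:: {_CAROL}\n"
)


def unique_members(ldif):
    """Return the uniqueMember DNs of an LDIF entry (unfolded, decoded)."""
    dns = []
    # LDIF folds long lines; a continuation line starts with one space.
    for line in ldif.replace("\n ", "").splitlines():
        attr, sep, value = line.partition(":")
        if not sep or attr.lower() != "uniquemember":
            continue
        if value.startswith(":"):  # "attr:: <base64>" form
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        dns.append(value.strip())
    return dns


def colliding_uids(dns):
    """Map uid -> DNs for each uid that several member DNs resolve to."""
    by_uid = defaultdict(list)
    for dn in dns:
        attr, _, value = dn.split(",", 1)[0].partition("=")
        if attr.strip().lower() == "uid":  # assumption: RDN is uid=<name>
            by_uid[value.strip()].append(dn)
    # Each such uid would have to appear twice in memberUid.
    return {uid: found for uid, found in by_uid.items() if len(found) > 1}


if __name__ == "__main__":
    for uid, found in colliding_uids(unique_members(SAMPLE_LDIF)).items():
        print(f"memberUid '{uid}' would be provided more than once:")
        for dn in found:
            print(f"  {dn}")
```

Any uid reported here points at the group entry to clean up; the user being modified is not the cause.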