Problem

Renaming a user fails with an error:
LDAP Error: Type or value exists: memberUid: value #1091 provided more than once

Environment

Verify if you are affected by the issue. You can verify by the following steps (optional).

Step 1

Create a user:

udm users/user create \
--position "cn=schueler,cn=users,ou=unterricht,dc=multi,dc=ucs" \
--set username=renametest --set lastname="ln-renametest" \
--set password="ThisIsAnInsecurePassword"

Step 2

Add the user to the group “students”:

udm users/user modify \
--dn uid=renametest,cn=schueler,cn=users,ou=unterricht,dc=multi,dc=ucs \
--append groups="cn=students,cn=schueler,cn=groups,ou=unterricht,dc=multi,dc=ucs"

Step 3

Verify the user exists and is configured properly:

univention-ldapsearch -LL cn=students memberUid uniqueMember | grep rename

  memberUid: renametest
  uniqueMember: uid=renametest,cn=schueler,cn=users,ou=unterricht,dc=multi,dc=ucs

Step 4

Now try to rename the user:

udm users/user modify \
--dn="uid=renametest,cn=schueler,cn=users,ou=unterricht,dc=multi,dc=ucs" \
--set username=renametest2

Object modified:
uid=renametest,cn=schueler,cn=users,ou=unterricht,dc=multi,dc=ucs

LDAP Error: Type or value exists: memberUid: value #1091 provided more than once

Solution

This might be happening because of some inconsistencies in group membership.

Run the tool /usr/share/univention-directory-manager-tools/proof_uniqueMembers which will fix the inconsistencies and afterwards user rename should work fine.