Problem:
You created an extended attribute with syntax UserDN, like this:
base="cn=univention,$(ucr get ldap/base)"
udm settings/extended_attribute create --position "cn=custom attributes,$base" \
--set name="DelegateUser" \
--set module='users/user' \
--set tabName='Microsoft 365' \
--set groupName='DEU' \
--set shortDescription='Delegated User' \
--set translationShortDescription='"de_DE" "Postfachstellvertretung"' \
--set longDescription='users who are allowed to access the mailbox of the current user' \
--set translationLongDescription='"de_DE" "Personen, welche auf das Postfach der derzeitigen Person zugreifen dürfen"' \
--set objectClass='univentionFreeAttributes' \
--set ldapMapping='univentionFreeAttribute7' \
--set syntax="UserDN" \
--set mayChange=1 \
--set valueRequired=0 \
--set doNotSearch=1 \
--set multivalue=1 \
--set default="" \
--set copyable=1
If you rename a user (for example after a wedding), the user's DN stored in this attribute is not updated, because no mechanism takes care of it. You either have to create a hook that watches for such changes or, more simply, use the refint overlay.
Solution:
root@ucs:~# ucr info ldap/refint
ldap/refint: false
Whether or not the refint overlay should be enabled. It enforces referential integrity for the attribute uniqueMember. Only applies to the DC Master.
Categories: service-ldap
Default: true
Type: bool
Set ldap/refint to true:
root@ucs:~# ucr set ldap/refint='true'
Setting ldap/refint
Multifile: /etc/ldap/slapd.conf
By default only uniqueMember is watched, so you have to add your attribute (unfortunately directly in the template):
vim /etc/univention/templates/files/etc/ldap/slapd.conf.d/40univention-ldap-server_database
[...]
if configRegistry.is_true('ldap/refint', True) and configRegistry.get('server/role') == 'domaincontroller_master':
	print('overlay\t\trefint')
	# print('refint_attributes\t\tuniqueMember')
	print('refint_attributes\t\tuniqueMember\tuniventionFreeAttribute7\tuniventionFreeAttribute8 ')
[...]
Commit /etc/ldap/slapd.conf and restart slapd:
ucr commit /etc/ldap/slapd.conf
systemctl restart slapd
Be aware that future changes to the modified template shipped by an update may not be applied because of this local modification!
root@ucs:~# univention-check-templates
WARNING: The following UCR files are modified locally.
Updated versions will be named FILENAME.dpkg-*.
The files should be checked for differences.
/etc/univention/templates/files/etc/ldap/slapd.conf.d/40univention-ldap-server_database
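To confirm after `ucr commit` that the rendered /etc/ldap/slapd.conf really loads refint and watches the extended attribute, a check like the following can be used. It is an added example, not part of the original article or of UCS; the function names are hypothetical and the sample configuration lines are constructed.

```shell
#!/bin/sh
# Added example: verify that a rendered slapd.conf enables refint and covers
# every attribute that stores user DNs. Function names are hypothetical.

# Print the refint_attributes of config file $1, lower-cased, one per line.
# Exit status 2 means "overlay refint" is not configured at all.
# slapd.conf joins lines that begin with whitespace onto the previous line
# before comment processing, so unwrap first and drop '#' lines afterwards.
refint_attrs() {
    awk '
    function emit(line,    f, n, i) {
        n = split(line, f, /[ \t]+/)
        if (tolower(f[1]) == "overlay" && tolower(f[2]) == "refint") overlay = 1
        if (tolower(f[1]) == "refint_attributes")
            for (i = 2; i <= n; i++) if (f[i] != "") attrs[tolower(f[i])] = 1
    }
    /^[ \t]/ { cur = cur " " $0; next }
    { if (cur !~ /^#/) emit(cur); cur = $0 }
    END {
        if (cur !~ /^#/) emit(cur)
        if (!overlay) exit 2
        for (a in attrs) print a
    }' "$1"
}

# Print the attributes from $2.. that refint does not watch in file $1.
# Returns 0 only when nothing is missing, 1 when attributes are missing.
refint_missing() {
    rm_conf=$1; shift
    rm_have=$(refint_attrs "$rm_conf") || { echo "overlay refint not enabled"; return 2; }
    rm_miss=""
    for rm_attr in "$@"; do
        rm_want=$(printf '%s' "$rm_attr" | tr '[:upper:]' '[:lower:]')
        printf '%s\n' "$rm_have" | grep -qxF "$rm_want" || rm_miss="$rm_miss $rm_attr"
    done
    [ -z "$rm_miss" ] && return 0
    echo "${rm_miss# }"; return 1
}

# Constructed sample: the rendered lines before and after the template change.
sample_before() { printf 'overlay\t\trefint\n#refint_attributes\tuniventionFreeAttribute7\nrefint_attributes\t\tuniqueMember\n'; }
sample_after()  { printf 'overlay\t\trefint\nrefint_attributes\t\tuniqueMember\tuniventionFreeAttribute7\tuniventionFreeAttribute8 \n'; }

# On the DC Master: refint_missing /etc/ldap/slapd.conf univentionFreeAttribute7
```

An empty output with exit status 0 means every listed attribute is watched; otherwise the missing attribute names are printed.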