Problem: udm complains about "is not recognized as users/user."

Knowledge Base Community
, , , ,
#1

Problem

The udm command complains about a wrong objectType when changing user properties:

root@ucs:~ #univention-admin users/user modify --dn="uid=user,cn=users,dc=example,dc=de" --set password="$PASSWORD"

The object type of this object differs from the specified object type: uid=user,cn=users,dc=example,dc=de is not recognized as users/user.

Environment

But the objectType is correct:

root@ucs:~ # ldapsearch -xLLL -D uid=Administrator,cn=users,dc=example,dc=de -W uid=user
Enter LDAP Password:
dn: uid=user,cn=users,dc=example,dc=de
[...]
univentionObjectType: users/user
objectClass: companyPerson
objectClass: person
objectClass: top
objectClass: inetOrgPerson
objectClass: krb5Principal
objectClass: organizationalPerson
objectClass: univentionPWHistory
objectClass: shadowAccount
objectClass: univentionObject
objectClass: posixAccount

Solution

Additionally to the above objectTypee and objectClass the user needs to have:
'posixAccount', 'shadowAccount', 'sambaSamAccount', 'person', 'krb5KDCEntry' and 'krb5Principal'
Otherwise the account is not recognized as fully qualified user.

Add the missing objectClasses to the user with ldapmodify:

root@ucs:/var/log# ldapmodify  -D "$( ucr get ldap/hostdn )" -y /etc/machine.secret <<EOR
dn: uid=user,cn=users,dc=example,dc=de
changetype: modify
add: objectClass
objectClass: sambaSamAccount
add: objectClass
objectClass: krb5KDCEntry
EOR
Mastodon