Problem: Users are still in some groups, after they are deleted

Problem:

Users are still in some groups, after they are deleted

Investigation:

/usr/share/univention-directory-manager-tools/proof_uniqueMembers -c 2>&1 | tee -a 2022-02-01_proof_uniqueMembers

Also check for case differences in uniquemember and memberuid in the groups and compare them with the uid of the user.

Solution:

In most cases the “uid” attribute is case-insensitive, but querying the group attribute “uniqueMember” or “memberUid” -the “uid” is (part of) the value and those ldap queries are case sensitive

Object created: uid=univentiontest4,cn=users,dc=schein,dc=ig

 udm groups/group modify --dn 'cn=lehrer-sun,cn=groups,ou=SUN,dc=schein,dc=ig' --append users='uid=UNIVENTIONTEST4,cn=users,dc=schein,dc=ig'
Object modified: cn=lehrer-sun,cn=groups,ou=SUN,dc=schein,dc=ig

root@ucs-master:~/univention-support# udm users/user remove --dn uid=univentiontest4,cn=users,dc=schein,dc=ig  
No such attribute
→ but is deleted

Afterwards:
univention-ldapsearch -LLL cn=lehrer-sun |grep -i univentiontest4
memberUid: UNIVENTIONTEST4
uniqueMember: uid=UNIVENTIONTEST4,cn=users,dc=schein,dc=ig
Mastodon