Q&A: Can I convert a ucs@school user (in the staff role) into a normal UCS user?

scheinig · July 15, 2024, 9:30am

Question:

Can I convert a ucs@school user (in the staff role) into a normal UCS user?

If I remove the UCS@school-staff role, I get the errormessage:

The LDAP object could not be saved: LDAP error: Object class violation: instantiation of abstract objectClass ‘ucsschoolType’ not allowed.

Answer:

Yes, you have to remove it via ldapmodify, because the attribute is bound to a specific object class.
You would have to replace the DN with that of your user and the ou from the role attribute:

ldapmodify  -x -D "cn=admin,$(ucr get ldap/base)" -y /etc/ldap.secret <<EOR
dn: uid=pola.mehrhofs,cn=lehrer und mitarbeiter,cn=users,ou=sun,dc=schein,dc=me
changetype: modify
delete: objectClass
objectClass: ucsschoolType
-
delete: ucsschoolRole
ucsschoolRole: staff:school:sun
EOR

modifying entry “uid=pola.mehrhofs,cn=lehrer und mitarbeiter,cn=users,ou=sun,dc=schein,dc=me”

scheinig · July 15, 2024, 9:30am