Remove orphaned Ldap objectclass refrence from user

RayFromOz · March 1, 2023, 6:24am

Hi There,

I have a user account [Me] still containing LDAP entries for Guacamole on my directory. Guacamole was removed from the server long ago.

Having upgraded to UCS5, I am now unable to edit the user profile in UMC. When I try to save, I get…

Notification
The LDAP object could not be saved: LDAP Error: Object class violation: unrecognized objectClass ‘guacamoleUser’.

Univention-ldapSearch shows “objectClass: guacamoleUser” in the user attributes.

I assume I need to use ldapmodify to remove the attributes from the user entry but Ive never done this before.

Can somebody offer a step by step guide?

RayFromOz · March 1, 2023, 11:07am

The user objectClass list is
objectClass: krb5KDCEntry
objectClass: posixAccount
objectClass: sambaSamAccount
objectClass: person
objectClass: automount
objectClass: nextcloudUser
objectClass: kopano-user
objectClass: univentionSAMLEnabled
objectClass: krb5Principal
objectClass: guacamoleUser
objectClass: organizationalPerson
objectClass: univentionPWHistory
objectClass: shadowAccount
objectClass: univentionObject
objectClass: univentionMail
objectClass: inetOrgPerson
objectClass: top
objectClass: univentionNetworkAccess
objectClass: univentionOpenvpnUser

OK so I had a crack at using ldapmodify with an LDIF file to remove the guacamoleUser objectClass attribute, but I’m getting a syntax error.

The LDIF contains the following d
dn: uid=ray,cn=users,dc=,dc=net
changetype: modify
delete: objectClass
objectClass: guacamoleUser

command line is ldapmodify -c -D uid=Administrator,cn=users,dc=,dc=net -W -f fixray.ldif

The error output is

modifying entry “uid=ray,cn=users,dc=,dc=net”
ldap_modify: Invalid syntax (21)
additional info: objectClass: value #0 invalid per syntax

I can’t work out what this syntax error is. Anyone have ideas?

talleyrand · March 2, 2023, 9:23am

what is the “dc=,” ?
“uid=ray,cn=users,dc=,dc=net”

you have your users directly under “net”?
surely you have a domain name?

RayFromOz · March 2, 2023, 9:23am

Update: So I’m now thinking that I cant delete the orphaned objectClass refrence as there is no schema entry to match it. How the hell am I supposed to remove it then? There doesn’t seem to be a way of overriding schema checks.

RayFromOz · March 2, 2023, 9:40am

Id removed the domain name in the post. Somehow the tag that I thought Id replaced it with went missing.

Ive just resolved the issue by reinstalling Guacamole, updating the user record and then uninstalling guacamole again after the update.

A bit of a runaround but its fixed now.