Unable to change user attributes after update from 4.1 to 4.2.3

ldap

#1

Hi all,

UCS-Version 4.2-3 errata0

we have updated recently from 4.1 to 4.2-3 errata0. I know that we are still behind 4.3 but we are a little bit conservative and try to keep everything as stable as possible…

Since the update we can not change attributes from LDAP user entries which where disabled while updating. When we change a attribute (password, description…) we get the notification:
“The LDAP object could not be saved: LDAP Error Cannot modify object class: structural object class modification from ‘person’ to ‘inetOrgPerson’ not allowed”

I compared the LDAP entries for a new user with one of the old users which can not be changed. It seams that a new user has way more LDAP attributes.

Is there a way to solve this problem for example to somehow convert the old users to the new structure? Would an update to 4.3 solve the issue for sure?

Best regards
Thomas

PS: ich kann auch auf Deutsch schreiben, falls das für jemanden der helfen will, leichter ist…

old user: univention-ldapsearch

# extended LDIF
#
# LDAPv3
# base <dc=sdr-teaching,dc=commit> (default) with scope subtree
# filter: uid=IDS_group_1
# requesting: ALL
#

# IDS_group_1, users, sdr-teaching.commit
dn: uid=IDS_group_1,cn=users,dc=sdr-teaching,dc=commit
uid: IDS_group_1
krb5PrincipalName: IDS_group_1@SDR-TEACHING.COMMIT
objectClass: top
objectClass: person
objectClass: univentionPWHistory
objectClass: posixAccount
objectClass: shadowAccount
objectClass: sambaSamAccount
objectClass: krb5Principal
objectClass: krb5KDCEntry
objectClass: univentionObject
uidNumber: 2024
sambaAcctFlags: [U          ]
krb5MaxLife: 86400
cn: IDS_group_1
krb5MaxRenew: 604800
sambaMungedDial: bQAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIABkA
 AEAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAUAAFABoACA
 ABAEMAdAB4AEMAZgBnAFAAcgBlAHMAZQBuAHQANTUxZTBiYjAYAAgAAQBDAHQAeABDAGYAZwBGAGw
 AYQBnAHMAMQAwMDAwMDEwMA==
sambaProfilePath: \\ucs\profiles\IDS_group_1
loginShell: /bin/bash
univentionObjectType: users/user
displayName: IDS_group_1
gecos: IDS_group_1
sn: IDS_group_1
homeDirectory: /home/IDS_group_1
gidNumber: 5001

new user: univention-ldapsearch

# extended LDIF
#
# LDAPv3
# base <dc=sdr-teaching,dc=commit> (default) with scope subtree
# filter: uid=IDS_group_S1
# requesting: ALL
#

# IDS_group_S1, users, sdr-teaching.commit
dn: uid=IDS_group_S1,cn=users,dc=sdr-teaching,dc=commit
uid: IDS_group_S1
krb5PrincipalName: IDS_group_S1@SDR-TEACHING.COMMIT
sambaProfilePath: \\ucs\profiles\IDS_group_S1
uidNumber: 2061
sambaAcctFlags: [U          ]
sambaBadPasswordCount: 0
krb5MaxLife: 86400
shadowLastChange: 17634
cn: IDS_group_S1
krb5MaxRenew: 604800
sambaBadPasswordTime: 0
loginShell: /bin/bash
univentionObjectType: users/user
krb5KDCFlags: 126
displayName: IDS_group_S1
objectClass: krb5KDCEntry
objectClass: organizationalPerson
objectClass: top
objectClass: inetOrgPerson
objectClass: sambaSamAccount
objectClass: person
objectClass: univentionPWHistory
objectClass: shadowAccount
objectClass: univentionObject
objectClass: univentionMail
objectClass: krb5Principal
objectClass: posixAccount
gecos: IDS_group_S1
sn: IDS_group_S1
homeDirectory: /home/IDS_group_S1
gidNumber: 5001

#2

Is it really 4.2-3 errata0? Do you have a full backup of the system?
I suggest to update to the latest errata upgrade (342) and check again.