ldapsam_update_group_mapping_entry doesn't add the sambaGroupMapping
objectClass when MODIFYING a mapping that involves a "simple" posixGroup
entry in LDAP, like this one :
The result is the mapping can't be modified, here is the error :
ldapsam_update_group_mapping_entry: failed to modify group 1012 error:
attribute 'sambaSID' not allowed (Object class violation)
Could not update group database
We don't get this error when we CREATE a mapping because the objectClass is
This is by design. You don't have a group mapping
with out the sambaGroupMapping objectClass so you
create one (net groupmap add). Why do you consider
this a bug?
You're right, but the purpose of the net groupmap modify command is to assign a
gid to a SID already mapped *on the fly*. It means the new gid may (or may not)
be already used in another mapping, so may or may not contain any mapping info.
In my opinion this is to be verified :
if new gid already used (contains mapping info) -> can't be re-mapped without
deletion of the old entry.
if not -> Ok, but doesn't contain mapping info, we should add the correct
objectClass / info needed.
patches are welcome.
no response from reporter.