ldapsam_update_group_mapping_entry doesn't add the sambaGroupMapping objectClass when MODIFYING a mapping that involves a "simple" posixGroup entry in LDAP, like this one:
    dn: cn=myusers,ou=Users,dc=mydomain,dc=com
    objectClass: posixGroup
    gidNumber: 1012
    cn: myusers
    memberUid: foouser
The result is the mapping can't be modified, here is the error:
    ldapsam_update_group_mapping_entry: failed to modify group 1012 error: attribute 'sambaSID' not allowed (Object class violation)
    Could not update group database
We don't get this error when we CREATE a mapping because the objectClass is automatically added.
This is by design. You don't have a group mapping without the sambaGroupMapping objectClass so you create one (net groupmap add). Why do you consider this a bug?
You're right, but the purpose of the net groupmap modify command is to assign a gid to a SID already mapped *on the fly*. It means the new gid may (or may not) be already used in another mapping, so may or may not contain any mapping info. In my opinion this is to be verified:
    if new gid already used (contains mapping info) -> can't be re-mapped without deletion of the old entry.
    if not -> Ok, but doesn't contain mapping info, we should add the correct objectClass / info needed.
patches are welcome.
no response from reporter.
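The check proposed in the third comment, sketched as an added example (not part of the thread and not Samba's code): given the target group entry, it either refuses because the gid already carries a mapping for another SID, or returns the modifications including the missing objectClass. The function names are hypothetical, the SID is a constructed sample value, and the sambaGroupType value "2" is an assumed default.

```python
# Added illustration, not Samba source. Entries are plain dicts shaped like
# an LDAP search result; SAMPLE_SID is a constructed value.
MAPPING_CLASS = "sambaGroupMapping"
SAMPLE_DN = "cn=myusers,ou=Users,dc=mydomain,dc=com"
SAMPLE_ENTRY = {"objectClass": ["posixGroup"], "gidNumber": ["1012"],
                "cn": ["myusers"], "memberUid": ["foouser"]}
SAMPLE_SID = "S-1-5-21-1111111111-2222222222-3333333333-3025"

def _get(entry, attr):
    """Case-insensitive lookup: LDAP attribute names ignore case."""
    for name, values in entry.items():
        if name.lower() == attr.lower():
            return list(values)
    return []

def plan_groupmap_modify(entry, sid, group_type="2"):
    """Return the modifications that map `sid` onto the group `entry`.

    Raises ValueError if the entry already holds a mapping for another
    SID; that mapping has to be deleted first.
    """
    classes = {c.lower() for c in _get(entry, "objectClass")}
    current = _get(entry, "sambaSID")
    if current and current != [sid]:
        raise ValueError("gid already mapped to " + current[0])
    mods = []
    if MAPPING_CLASS.lower() not in classes:
        # Without this step, adding sambaSID to a plain posixGroup is
        # rejected with "Object class violation".
        mods.append(("add", "objectClass", [MAPPING_CLASS]))
    if not current:
        mods.append(("add", "sambaSID", [sid]))
    mods.append(("replace", "sambaGroupType", [group_type]))
    return mods

def to_ldif(dn, mods):
    """Render the plan as an LDIF change record for review."""
    lines = ["dn: " + dn, "changetype: modify"]
    for op, attr, values in mods:
        lines.append(op + ": " + attr)
        lines += [attr + ": " + v for v in values]
        lines.append("-")
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    print(to_ldif(SAMPLE_DN, plan_groupmap_modify(SAMPLE_ENTRY, SAMPLE_SID)))
```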