Bug 3234 - delete ldap user bonks on reused attributes
Summary: delete ldap user bonks on reused attributes
Status: NEW
Alias: None
Product: Samba 3.0
Classification: Unclassified
Component: User/Group Accounts
Version: 3.0.20b
Hardware: All All
Importance: P3 normal
Target Milestone: none
Assignee: Samba Bugzilla Account
QA Contact: Samba QA Contact
Depends on:
Reported: 2005-11-02 15:46 UTC by Eric A. Hall
Modified: 2005-11-02 15:46 UTC

Description Eric A. Hall 2005-11-02 15:46:58 UTC
When deleting a user (via usrmgr.exe or similar), SAMBA appears to remove the
relevant objectclass and some attributes, but it doesn't remove all of them, and
this can cause the ldap modification to fail. Specifically:

[2005/11/02 17:21:17, 0] passdb/pdb_ldap.c:ldapsam_delete_entry(340)
  ldapsam_delete_entry: Could not delete attributes for
uid=test,ou=Users,dc=labs,dc=ntrg,dc=com, error: Object class violation
(attribute 'displayName' not allowed)

Other objectClasses use displayName (including inetOrgPerson), so I can see why
the safe/default behavior would be to leave this alone. But in the absence of
those other objectClasses, the attribute is orphaned (as in this case), and the
modification fails.

The hard/complex/correct behavior would be to probe the other objectclasses and
schema, to see if any other bound objectclasses might be using those attributes.

A simpler but less-correct method might be to define another option, such as
"delete all attributes", which would cause all of the reused attributes WITH THE
EXCEPTION OF UID to be deleted.
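
The schema probe suggested in the report, sketched as an added example (not Samba's code and not part of the original report): it computes which attributes no remaining objectClass permits, so they can be deleted in the same modification that removes sambaSamAccount. The SCHEMA table, the sample entries and the function name orphaned_attributes are constructed assumptions.

```python
# Constructed, abbreviated schema for illustration: objectClass -> attributes it
# permits (MUST and MAY, inherited ones flattened in). A real tool would read
# this from the server's subschema entry instead.
SCHEMA = {
    "sambaSamAccount": {"uid", "sambaSID", "displayName", "sambaNTPassword"},
    "posixAccount": {"cn", "uid", "uidNumber", "gidNumber", "homeDirectory"},
    "inetOrgPerson": {"cn", "sn", "uid", "displayName", "mail"},
    "account": {"uid", "description", "host"},
}


def _norm(names):
    """LDAP attribute and class names compare case-insensitively."""
    return {n.lower() for n in names}


def orphaned_attributes(entry, removing, schema=SCHEMA):
    """Return the attributes that must be deleted together with `removing`.

    `entry` maps attribute name -> list of values and includes objectClass.
    An attribute is orphaned when no objectClass left on the entry permits it.
    """
    lookup = {cls.lower(): _norm(attrs) for cls, attrs in schema.items()}
    remaining = _norm(entry["objectClass"]) - {removing.lower()}
    unknown = remaining - set(lookup)
    if unknown:
        # Without the definition we cannot tell what the class permits,
        # so refuse to guess rather than delete data it may own.
        raise ValueError(f"no schema for objectClass: {sorted(unknown)}")
    permitted = {"objectclass"}
    for cls in remaining:
        permitted |= lookup[cls]
    return sorted(a for a in entry if a.lower() not in permitted)


# Constructed entries modelled on the report: same attributes, different
# classes left on the entry once sambaSamAccount is removed.
BASE = {"uid": ["test"], "cn": ["test"], "uidNumber": ["1001"],
        "gidNumber": ["513"], "homeDirectory": ["/home/test"],
        "sambaSID": ["S-1-5-21-0-0-0-3002"], "displayName": ["Test User"]}
ORPHAN_CASE = dict(BASE, objectClass=["account", "posixAccount", "sambaSamAccount"])
SHARED_CASE = dict(BASE, sn=["User"],
                   objectClass=["inetOrgPerson", "posixAccount", "sambaSamAccount"])
```

In ORPHAN_CASE displayName is reported for deletion because neither account nor posixAccount permits it; in SHARED_CASE inetOrgPerson still permits it, so it stays, and uid is kept in both.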