when a user is deleted and "ldap delete dn" is set, Samba should clean up all memberUID entries in groups, too. Currently those memberUID entries are kept untouched.
we can do this but only for ldapsam:editposix=yes
as ldap delete dn does not use the ldap scripts I think the memberUID attributes should also be cleaned up if editposix is not used
Created attachment 4374 [details] patch for pdb_ldap delete user path This patch tries first to remove all membership before the real account deletion.
Created attachment 4624 [details] same patch that cleanly applies to 3-4-test
Karolin, please pick for 3.4.1.
Pushed, closing out bug report. Thanks!