diff --git a/actions/remove-ldap-user-from-group b/actions/remove-ldap-user-from-group
index 4c0756b16..9db407900 100755
--- a/actions/remove-ldap-user-from-group
+++ b/actions/remove-ldap-user-from-group
@@ -45,7 +45,7 @@ elif [ $? -eq 65 ]; then
     fi
 fi
 
-if [ "$groupname" == "admin" ]; then
+if [ "$groupname" = "admin" ]; then
     # update sudo group if needed
     results=$(ldapsearch -Y EXTERNAL -H ldapi:/// -b 'cn=sudo,ou=groups,dc=thisbox' -LLL "(memberUid=$username)")
 
diff --git a/plinth/modules/users/forms.py b/plinth/modules/users/forms.py
index 5bd212158..0efe16f11 100644
--- a/plinth/modules/users/forms.py
+++ b/plinth/modules/users/forms.py
@@ -109,6 +109,11 @@ class UserUpdateForm(forms.ModelForm):
         user = super(UserUpdateForm, self).save(commit)
 
         if commit:
+            output = actions.superuser_run('get-ldap-user-groups',
+                                           [self.username])
+            old_groups = output.strip().split('\n')
+            old_groups = list(filter(None, old_groups))  # remove blank strings
+
             if self.username != user.get_username():
                 try:
                     actions.superuser_run('rename-ldap-user',
@@ -117,9 +122,6 @@ class UserUpdateForm(forms.ModelForm):
                     messages.error(self.request,
                                    _('Renaming LDAP user failed.'))
 
-            output = actions.superuser_run('get-ldap-user-groups',
-                                           [user.get_username()])
-            old_groups = output.strip().split('\n')
             new_groups = user.groups.values_list('name', flat=True)
             for old_group in old_groups:
                 if old_group not in new_groups: