On Fri, 2003-01-24 at 15:08, Ken Cross wrote:
> Hmm ... the helpful email client wrapped some of the lines.  The patch
> is attached.
> 
> Ken
> 
> 
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]] On Behalf Of Ken Cross
> Sent: Thursday, January 23, 2003 11:01 PM
> To: [EMAIL PROTECTED]
> Subject: Finding group members - fix to winbindd_ads.c
> 
> 
> Samba-folk:
> 
> There's a problem in the SAMBA_3_0 finding all members of a group using
> LDAP (lookup_groupmem in nsswitch/winbindd_ads.c).
> 
> It currently gets all the "member" records for a group, but the primary
> group membership for users don't get included in that set.  
> 
> The primaryGroupID in user records is the RID of the primary group. That
> should be included in enumerating the members of any group.
> 
> The patch below fixes this.
> 
> Ken Cross
> Network Storage Solutions

I didn't see anybody pick this up, so I just figured I would let you
know that I've at least seen it.   It's interesting that AD allows such
a situation to occur at all, with its 'all groups are equal' stuff.

I'll see if I can get a test environment for this - but I'm pretty busy
at the moment (the patch looks fine, so if somebody else wants to commit
it go right ahead).  

Finally, it's good to see a few more companies in the Samba 3.0 game -
feel free to join the #samba-technical IRC channel on irc.freenode.net. 
A number of the samba team as well as folk from other Samba-3.0 NAS
vendors can be found there from time to time.  And don't be afraid to
repost a patch if it seems to have been ignored.

Andrew Bartlett

-- 
Andrew Bartlett                                 [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team  [EMAIL PROTECTED]
Student Network Administrator, Hawker College   [EMAIL PROTECTED]
http://samba.org     http://build.samba.org     http://hawkerc.net

Attachment: signature.asc
Description: This is a digitally signed message part

Reply via email to