On Mon, 2012-12-24 at 08:06 +0100, "Dr. Hansjörg Maurer" wrote: > Hi Andrew > > Please file a bug, so it isn't lost over the Christmas season, but > clearly I need to change the code not to rely on posixAccount and > posixGroup. The steps you performed are reasonable, and while we can > improve our tool to add that objectClass, if AD isn't adding it using > the standard GUI tools, we shouldn't require it either. > > done > > https://bugzilla.samba.org/show_bug.cgi?id=9520
Attached is an interim patch. Before we get this into master, I need to write a series of tests, because having this code untested is just causing us trouble. However, the attached should work, and so I would appreciate some testing if you have time. Thanks, Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org
>From d082c2aeb7110295738a8c4e30ce08d997fb87dd Mon Sep 17 00:00:00 2001 From: Andrew Bartlett <abart...@samba.org> Date: Wed, 26 Dec 2012 20:48:12 +1100 Subject: [PATCH] s4-idmap: Remove requirement that posixAccount or posixGroup be set for rfc2307 This change matches the source3/idmap/idmap_ad.c code, and allows this feature to work with only the setting of the UID/GID in Active Directory Users and Computers. Andrew Bartlett --- source4/winbind/idmap.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/source4/winbind/idmap.c b/source4/winbind/idmap.c index a6cc88f..e11a8e4 100644 --- a/source4/winbind/idmap.c +++ b/source4/winbind/idmap.c @@ -236,8 +236,7 @@ static NTSTATUS idmap_xid_to_sid(struct idmap_context *idmap_ctx, LDB_SCOPE_SUBTREE, sam_attrs, 0, "(&(|(sAMaccountType=%u)(sAMaccountType=%u)(sAMaccountType=%u))" - "(uidNumber=%u)(objectSid=*)" - "(|(objectClass=posixAccount)(objectClass=posixGroup)))", + "(uidNumber=%u)(objectSid=*))", ATYPE_ACCOUNT, ATYPE_WORKSTATION_TRUST, ATYPE_INTERDOMAIN_TRUST, unixid->id); } else { /* If we are not to use the rfc2307 attributes, we just emulate a non-match */ @@ -274,8 +273,7 @@ static NTSTATUS idmap_xid_to_sid(struct idmap_context *idmap_ctx, ldb_get_default_basedn(idmap_ctx->samdb), LDB_SCOPE_SUBTREE, sam_attrs, 0, - "(&(|(sAMaccountType=%u)(sAMaccountType=%u))(gidNumber=%u)" - "(|(objectClass=posixAccount)(objectClass=posixGroup)))", + "(&(|(sAMaccountType=%u)(sAMaccountType=%u))(gidNumber=%u))", ATYPE_SECURITY_GLOBAL_GROUP, ATYPE_SECURITY_LOCAL_GROUP, unixid->id); } else { -- 1.7.11.7
-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba