On Mon, 2012-12-24 at 08:06 +0100, "Dr. Hansjörg Maurer" wrote:
> Hi Andrew
> 
> Please file a bug, so it isn't lost over the Christmas season, but
> clearly I need to change the code not to rely on posixAccount and
> posixGroup.  The steps you performed are reasonable, and while we can
> improve our tool to add that objectClass, if AD isn't adding it using
> the standard GUI tools, we shouldn't require it either. 
> 
> done
> 
> https://bugzilla.samba.org/show_bug.cgi?id=9520

Attached is an interim patch.  Before we get this into master, I need to
write a series of tests, because having this code untested is just
causing us trouble.

However, the attached should work, and so I would appreciate some
testing if you have time. 

Thanks,

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org

From d082c2aeb7110295738a8c4e30ce08d997fb87dd Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abart...@samba.org>
Date: Wed, 26 Dec 2012 20:48:12 +1100
Subject: [PATCH] s4-idmap: Remove requirement that posixAccount or posixGroup
 be set for rfc2307

This change matches the source3/idmap/idmap_ad.c code, and allows this feature to work with
only the setting of the UID/GID in Active Directory Users and Computers.

Andrew Bartlett
---
 source4/winbind/idmap.c | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/source4/winbind/idmap.c b/source4/winbind/idmap.c
index a6cc88f..e11a8e4 100644
--- a/source4/winbind/idmap.c
+++ b/source4/winbind/idmap.c
@@ -236,8 +236,7 @@ static NTSTATUS idmap_xid_to_sid(struct idmap_context *idmap_ctx,
 						      LDB_SCOPE_SUBTREE,
 						      sam_attrs, 0,
 						      "(&(|(sAMaccountType=%u)(sAMaccountType=%u)(sAMaccountType=%u))"
-						      "(uidNumber=%u)(objectSid=*)"
-						      "(|(objectClass=posixAccount)(objectClass=posixGroup)))",
+						      "(uidNumber=%u)(objectSid=*))",
 						      ATYPE_ACCOUNT, ATYPE_WORKSTATION_TRUST, ATYPE_INTERDOMAIN_TRUST, unixid->id);
 			} else {
 				/* If we are not to use the rfc2307 attributes, we just emulate a non-match */
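Review bot: in the uidNumber search filter, removing the objectClass clause means any object with one of the three listed sAMaccountType values and a matching uidNumber now qualifies, and nothing in the code says this is deliberate. Add a short comment above the filter string noting that posixAccount/posixGroup is intentionally not required because Active Directory Users and Computers sets only the UID/GID, as the commit message explains. Because the match set is wider, a test with two accounts sharing one uidNumber would pin down what the xid-to-SID lookup returns in that case; the result handling is outside the lines shown here.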
@@ -274,8 +273,7 @@ static NTSTATUS idmap_xid_to_sid(struct idmap_context *idmap_ctx,
 						      ldb_get_default_basedn(idmap_ctx->samdb),
 						      LDB_SCOPE_SUBTREE,
 						      sam_attrs, 0,
-						      "(&(|(sAMaccountType=%u)(sAMaccountType=%u))(gidNumber=%u)"
-						      "(|(objectClass=posixAccount)(objectClass=posixGroup)))",
+						      "(&(|(sAMaccountType=%u)(sAMaccountType=%u))(gidNumber=%u))",
 						      ATYPE_SECURITY_GLOBAL_GROUP, ATYPE_SECURITY_LOCAL_GROUP,
 						      unixid->id);
 			} else {
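Review bot: the new gidNumber filter has no (objectSid=*) term, while the uidNumber filter in the previous hunk keeps "(uidNumber=%u)(objectSid=*))". With the objectClass clause gone from both, this asymmetry is easier to trip over: either add (objectSid=*) here or drop it from the uid filter, and if the difference is intentional, say why in a comment next to the filter.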
-- 
1.7.11.7
