On Wed, 2012-12-26 at 21:18 +0100, "Dr. Hansjörg Maurer" wrote: > Hi Andrew > > > Am 26.12.2012 10:54, schrieb Andrew Bartlett: > > > > Attached is an interim patch. Before we get this into master, I need to > > write a series of tests, because having this code untested is just > > causing us trouble. > > > > However, the attached should work, and so I would appreciate some > > testing if you have time. > unfortunately your patch did not solve the problem. > I found a second appearance of posixAccount and posixGroup in idmap.c > and removed it > and after that it works
Thanks! Once I get some tests in, I'll propose this again, but at least now we have a solution for you. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org
>From 86df402e372fd0c945ad9b4684a48704090c38ce Mon Sep 17 00:00:00 2001 From: Andrew Bartlett <[email protected]> Date: Wed, 26 Dec 2012 20:48:12 +1100 Subject: [PATCH] s4-idmap: Remove requirement that posixAccount or posixGroup be set for rfc2307 This change matches the source3/idmap/idmap_ad.c code, and allows this feature to work with only the setting of the UID/GID in Active Directory Users and Computers. Andrew Bartlett --- source4/winbind/idmap.c | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/source4/winbind/idmap.c b/source4/winbind/idmap.c index a6cc88f..3773c1d 100644 --- a/source4/winbind/idmap.c +++ b/source4/winbind/idmap.c @@ -236,8 +236,7 @@ static NTSTATUS idmap_xid_to_sid(struct idmap_context *idmap_ctx, LDB_SCOPE_SUBTREE, sam_attrs, 0, "(&(|(sAMaccountType=%u)(sAMaccountType=%u)(sAMaccountType=%u))" - "(uidNumber=%u)(objectSid=*)" - "(|(objectClass=posixAccount)(objectClass=posixGroup)))", + "(uidNumber=%u)(objectSid=*))", ATYPE_ACCOUNT, ATYPE_WORKSTATION_TRUST, ATYPE_INTERDOMAIN_TRUST, unixid->id); } else { /* If we are not to use the rfc2307 attributes, we just emulate a non-match */ @@ -274,8 +273,7 @@ static NTSTATUS idmap_xid_to_sid(struct idmap_context *idmap_ctx, ldb_get_default_basedn(idmap_ctx->samdb), LDB_SCOPE_SUBTREE, sam_attrs, 0, - "(&(|(sAMaccountType=%u)(sAMaccountType=%u))(gidNumber=%u)" - "(|(objectClass=posixAccount)(objectClass=posixGroup)))", + "(&(|(sAMaccountType=%u)(sAMaccountType=%u))(gidNumber=%u))", ATYPE_SECURITY_GLOBAL_GROUP, ATYPE_SECURITY_LOCAL_GROUP, unixid->id); } else { @@ -439,8 +437,7 @@ static NTSTATUS idmap_sid_to_xid(struct idmap_context *idmap_ctx, "(&(objectSid=%s)" "(|(sAMaccountType=%u)(sAMaccountType=%u)(sAMaccountType=%u)" "(sAMaccountType=%u)(sAMaccountType=%u))" - "(|(uidNumber=*)(gidNumber=*))" - "(|(objectClass=posixAccount)(objectClass=posixGroup)))", + "(|(uidNumber=*)(gidNumber=*)))", dom_sid_string(tmp_ctx, sid), ATYPE_ACCOUNT, ATYPE_WORKSTATION_TRUST, ATYPE_INTERDOMAIN_TRUST, ATYPE_SECURITY_GLOBAL_GROUP, ATYPE_SECURITY_LOCAL_GROUP); -- 1.7.11.7
-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
