deleting group using usgmgr on Samba3.0.1 rc2
Jianliang Lu
j.lu at tiesse.com
Mon Dec 15 16:07:17 GMT 2003
Hi,
We would propose the following patch to fix a problem of "group delete"
using usrmgr. With the LDAPSAM backend when we delete a domain group
using usrmgr we got the NT_STATUS_ACCESS_DENIED, because the group
was first deleted by the "delete group script" (smblda-groupdel.pl) and then
was again deleted by pdb_delete_group_mapping_entry(group_sid)) that can't
find such group in ldap, so return NT_STATUS_ACCESS_DENIED. With LDAP backend
a group cannot exist without the gid in database, so there is not any script
that delete only the posixgroup leaving the SambaSID attribute of group in
database, instead, you can delete the group's SambaSID leaving only the
posixgroup.
patch:
--- samba-3.0.1rc2/source/rpc_server/srv_samr_nt.c.orig Fri Dec 12 17:25:49
2003
+++ samba-3.0.1rc2/source/rpc_server/srv_samr_nt.c Fri Dec 12 17:36:38
2003
@@ -3827,6 +3827,10 @@
if ( (grp=getgrgid(gid)) == NULL)
return NT_STATUS_NO_SUCH_GROUP;
+ /* First delete group mapping */
+ if(!pdb_delete_group_mapping_entry(group_sid))
+ return NT_STATUS_ACCESS_DENIED;
+
/* we can delete the UNIX group */
smb_delete_group(grp->gr_name);
@@ -3834,8 +3838,6 @@
if ( (grp=getgrgid(gid)) != NULL)
return NT_STATUS_ACCESS_DENIED;
- if(!pdb_delete_group_mapping_entry(group_sid))
- return NT_STATUS_ACCESS_DENIED;
if (!close_policy_hnd(p, &q_u->group_pol))
return NT_STATUS_OBJECT_NAME_INVALID;
cheers,
Jianliang Lu
TieSse s.p.a. Ivrea (To) - Italy
j.lu at tiesse.com luj at libero.it
http://www.tiesse.com
More information about the samba-technical
mailing list