deleting group using usrmgr on Samba3.0.1 rc2

Aurélien Degrémont adegremont at idealx.com
Tue Dec 16 14:05:28 GMT 2003


Another method would be to change smb.conf

add :
 ldap delete dn = Yes

remove :
 delete user script = ...
 delete group script = ...

The entries will be totally removed by Samba (not only the Samba part); 
this will not raise an error, and no error messages will appear in 
UserManager.
But I think the code modifications, as I presented in my previous 
message, are needed.


Aurélien

Jianliang Lu wrote:

>Hi,
>We would propose the following patch to fix a problem with "group delete"
>using usrmgr. With the LDAPSAM backend, when we delete a domain group 
>using usrmgr we get NT_STATUS_ACCESS_DENIED, because the group 
>was first deleted by the "delete group script" (smbldap-groupdel.pl) and then 
>was deleted again by pdb_delete_group_mapping_entry(group_sid), which can't 
>find such a group in LDAP, so it returns NT_STATUS_ACCESS_DENIED. With the LDAP backend 
>a group cannot exist without the gid in the database, so there is no script 
>that deletes only the posixgroup, leaving the SambaSID attribute of the group in 
>the database; instead, you can delete the group's SambaSID, leaving only the 
>posixgroup.
>
>patch:
>
>--- samba-3.0.1rc2/source/rpc_server/srv_samr_nt.c.orig	Fri Dec 12 17:25:49 
>2003
>+++ samba-3.0.1rc2/source/rpc_server/srv_samr_nt.c	Fri Dec 12 17:36:38 
>2003
>@@ -3827,6 +3827,10 @@
> 	if ( (grp=getgrgid(gid)) == NULL)
> 		return NT_STATUS_NO_SUCH_GROUP;
> 
>+    /* First delete group mapping */
>+	if(!pdb_delete_group_mapping_entry(group_sid))
>+		return NT_STATUS_ACCESS_DENIED;
>+
> 	/* we can delete the UNIX group */
> 	smb_delete_group(grp->gr_name);
> 
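
Review bot: With pdb_delete_group_mapping_entry(group_sid) now called before smb_delete_group(grp->gr_name), a failed UNIX group deletion leaves the group half-removed: the following check "if ( (grp=getgrgid(gid)) != NULL)" returns NT_STATUS_ACCESS_DENIED, but the mapping is already gone and nothing on that path restores it. Either re-add the mapping when that check fails, or state in the new comment that a failing delete script leaves a plain posixgroup behind. The added comment line is also indented with spaces where the surrounding code uses tabs, and "if(" lacks the space used in "if ( (grp=getgrgid(gid)) == NULL)".
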
>@@ -3834,8 +3838,6 @@
> 	if ( (grp=getgrgid(gid)) != NULL)
> 		return NT_STATUS_ACCESS_DENIED;
> 
>-	if(!pdb_delete_group_mapping_entry(group_sid))
>-		return NT_STATUS_ACCESS_DENIED;
> 
> 	if (!close_policy_hnd(p, &q_u->group_pol))
> 		return NT_STATUS_OBJECT_NAME_INVALID;
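
Review bot: Removing the two lines after the getgrgid(gid) check leaves two consecutive blank lines before "if (!close_policy_hnd(p, &q_u->group_pol))"; drop one of them. A short comment on the "return NT_STATUS_ACCESS_DENIED;" under that check, saying the group mapping has already been deleted by this point, would also help, since that is no longer visible from this part of the function.
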
>
>cheers,
>
>Jianliang Lu
>TieSse s.p.a.     Ivrea (To) - Italy
>j.lu at tiesse.com   luj at libero.it
>http://www.tiesse.com