deleting group using usgmgr on Samba3.0.1 rc2
Aurélien Degrémont
adegremont at idealx.com
Tue Dec 16 14:05:28 GMT 2003
Another method will be to change the smb.conf
add :
ldap delete dn = Yes
remove :
delete user script = ...
delete group script = ...
The entries will be totally removed be Samba (not only the samba part),
this will not raise an error, and no error messages will appeared in
UserManager.
But I think the code modifications, as i presented in my previous
message, are needed.
Aurélien
Jianliang Lu wrote:
>Hi,
>We would propose the following patch to fix a problem of "group delete"
>using usrmgr. With the LDAPSAM backend when we delete a domain group
>using usrmgr we got the NT_STATUS_ACCESS_DENIED, because the group
>was first deleted by the "delete group script" (smblda-groupdel.pl) and then
>was again deleted by pdb_delete_group_mapping_entry(group_sid)) that can't
>find such group in ldap, so return NT_STATUS_ACCESS_DENIED. With LDAP backend
>a group cannot exist without the gid in database, so there is not any script
>that delete only the posixgroup leaving the SambaSID attribute of group in
>database, instead, you can delete the group's SambaSID leaving only the
>posixgroup.
>
>patch:
>
>--- samba-3.0.1rc2/source/rpc_server/srv_samr_nt.c.orig Fri Dec 12 17:25:49
>2003
>+++ samba-3.0.1rc2/source/rpc_server/srv_samr_nt.c Fri Dec 12 17:36:38
>2003
>@@ -3827,6 +3827,10 @@
> if ( (grp=getgrgid(gid)) == NULL)
> return NT_STATUS_NO_SUCH_GROUP;
>
>+ /* First delete group mapping */
>+ if(!pdb_delete_group_mapping_entry(group_sid))
>+ return NT_STATUS_ACCESS_DENIED;
>+
> /* we can delete the UNIX group */
> smb_delete_group(grp->gr_name);
>
>@@ -3834,8 +3838,6 @@
> if ( (grp=getgrgid(gid)) != NULL)
> return NT_STATUS_ACCESS_DENIED;
>
>- if(!pdb_delete_group_mapping_entry(group_sid))
>- return NT_STATUS_ACCESS_DENIED;
>
> if (!close_policy_hnd(p, &q_u->group_pol))
> return NT_STATUS_OBJECT_NAME_INVALID;
>
>cheers,
>
>Jianliang Lu
>TieSse s.p.a. Ivrea (To) - Italy
>j.lu at tiesse.com luj at libero.it
>http://www.tiesse.com
>
>
More information about the samba-technical
mailing list