Finding group members - fix to winbindd_ads.c

Andrew Bartlett abartlet at samba.org
Fri Jan 31 21:54:07 GMT 2003 

On Fri, 2003-01-24 at 15:08, Ken Cross wrote:
> Hmm ... the helpful email client wrapped some of the lines.  The patch
> is attached.
> 
> Ken
> 
> 
> -----Original Message-----
> From: samba-technical-admin at lists.samba.org
> [mailto:samba-technical-admin at lists.samba.org] On Behalf Of Ken Cross
> Sent: Thursday, January 23, 2003 11:01 PM
> To: samba-technical at samba.org
> Subject: Finding group members - fix to winbindd_ads.c
> 
> 
> Samba-folk:
> 
> There's a problem in the SAMBA_3_0 finding all members of a group using
> LDAP (lookup_groupmem in nsswitch/winbindd_ads.c).
> 
> It currently gets all the "member" records for a group, but the primary
> group membership for users don't get included in that set.  
> 
> The primaryGroupID in user records is the RID of the primary group. That
> should be included in enumerating the members of any group.
> 
> The patch below fixes this.
> 
> Ken Cross
> Network Storage Solutions

I didn't see anybody pick this up, so I just figured I would let you
know that I've at least seen it.   It's interesting that AD allows such
a situation to occur at all, with its 'all groups are equal' stuff.

I'll see if I can get a test environment for this - but I'm pretty busy
at the moment (the patch looks fine, so if somebody else wants to commit
it go right ahead).  

Finally, it's good to see a few more companies in the Samba 3.0 game -
feel free to join the #samba-technical IRC channel on irc.freenode.net. 
A number of the samba team as well as folk from other Samba-3.0 NAS
vendors can be found there from time to time.  And don't be afraid to
repost a patch if it seems to have been ignored.

Andrew Bartlett

-- 
Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20030201/e96feceb/attachment.bin

More information about the samba-technical mailing list