Finding group members - fix to winbindd_ads.c
Andrew Bartlett
abartlet at samba.org
Fri Jan 31 22:21:24 GMT 2003
On Sat, 2003-02-01 at 08:54, Andrew Bartlett wrote:
> On Fri, 2003-01-24 at 15:08, Ken Cross wrote:
> > Hmm ... the helpful email client wrapped some of the lines. The patch
> > is attached.
> >
> > Ken
> >
> >
> > -----Original Message-----
> > From: samba-technical-admin at lists.samba.org
> > [mailto:samba-technical-admin at lists.samba.org] On Behalf Of Ken Cross
> > Sent: Thursday, January 23, 2003 11:01 PM
> > To: samba-technical at samba.org
> > Subject: Finding group members - fix to winbindd_ads.c
> >
> >
> > Samba-folk:
> >
> > There's a problem in the SAMBA_3_0 finding all members of a group using
> > LDAP (lookup_groupmem in nsswitch/winbindd_ads.c).
> >
> > It currently gets all the "member" records for a group, but the primary
> > group membership for users don't get included in that set.
> >
> > The primaryGroupID in user records is the RID of the primary group. That
> > should be included in enumerating the members of any group.
> >
> > The patch below fixes this.
> >
> > Ken Cross
> > Network Storage Solutions
>
> I didn't see anybody pick this up, so I just figured I would let you
> know that I've at least seen it. It's interesting that AD allows such
> a situation to occur at all, with its 'all groups are equal' stuff.
>
> I'll see if I can get a test environment for this - but I'm pretty busy
> at the moment (the patch looks fine, so if somebody else wants to commit
> it go right ahead).
Two issues have been raised on IRC:
- firstly, if the destination of this call is the unix group
membership, then we don't want 'primary' users added to the sups list,
as the unix primary group should show this.
- you don't seem to deal with the possibility of duplicates
Andrew Bartlett
--
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20030201/c914d4ba/attachment.bin
More information about the samba-technical
mailing list