Finding group members - fix to winbindd_ads.c

Andrew Bartlett abartlet at samba.org
Fri Jan 31 22:21:24 GMT 2003 

On Sat, 2003-02-01 at 08:54, Andrew Bartlett wrote:
> On Fri, 2003-01-24 at 15:08, Ken Cross wrote:
> > Hmm ... the helpful email client wrapped some of the lines.  The patch
> > is attached.
> > 
> > Ken
> > 
> > 
> > -----Original Message-----
> > From: samba-technical-admin at lists.samba.org
> > [mailto:samba-technical-admin at lists.samba.org] On Behalf Of Ken Cross
> > Sent: Thursday, January 23, 2003 11:01 PM
> > To: samba-technical at samba.org
> > Subject: Finding group members - fix to winbindd_ads.c
> > 
> > 
> > Samba-folk:
> > 
> > There's a problem in the SAMBA_3_0 finding all members of a group using
> > LDAP (lookup_groupmem in nsswitch/winbindd_ads.c).
> > 
> > It currently gets all the "member" records for a group, but the primary
> > group membership for users don't get included in that set.  
> > 
> > The primaryGroupID in user records is the RID of the primary group. That
> > should be included in enumerating the members of any group.
> > 
> > The patch below fixes this.
> > 
> > Ken Cross
> > Network Storage Solutions
> 
> I didn't see anybody pick this up, so I just figured I would let you
> know that I've at least seen it.   It's interesting that AD allows such
> a situation to occur at all, with its 'all groups are equal' stuff.
> 
> I'll see if I can get a test environment for this - but I'm pretty busy
> at the moment (the patch looks fine, so if somebody else wants to commit
> it go right ahead).  

Two issues have been raised on IRC:

 - firstly, if the destination of this call is the unix group
membership, then we don't want 'primary' users added to the sups list,
as the unix primary group should show this.
 - you don't seem to deal with the possibility of duplicates

Andrew Bartlett

-- 
Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20030201/c914d4ba/attachment.bin

More information about the samba-technical mailing list