Posix/Samba: the accounts managements
adegremont at idealx.com
Mon Nov 3 13:24:55 GMT 2003
Simo Sorce wrote:
>of course that shouldn't happen by default, but it would be a big help
>for many admins imo.
It may be a big help, but it's very difficult to implement. It's so
difficult that external scripts are a very good solution, imho.
>If you have a test environment I'll propose this patch:
>if it is ok I'll commit it.
I had already made some tests with this kind of modification and it
works fine except for one problem.
The ldapsam delete functions try to delete the samba object class
(sambaSamAccount or sambaGroupMapping) and all of its attributes, so the
'cn' attribute too. But the other classes which these classes depend
on need the 'cn' attribute too (i.e. posixAccount), so they don't like
at all that Samba tries to remove it.
So, I propose that the deletion (ldapsam_delete_entry) only removes the
samba objectclass, and lets LDAP remove the associated attributes. As the
posixAccount needs the 'cn' attribute, LDAP will not remove it, only the
attributes that are not claimed by the other classes.
Concerning the patches, I think all modification calls may be patched,
not only delete_dom_user and remove_user_foreign_domain, like
delete_group. I will test it and try to propose a patch soon.
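
The attribute selection discussed in this message, computed on the client side as an added example (not from the original post and not Samba's code): given the class being removed and the classes that stay on the entry, it lists the attributes no remaining class uses, so 'cn' is left alone. The schema table is a constructed, abbreviated subset and `attrs_to_delete` is a hypothetical helper name.

```c
#include <stdio.h>
#include <string.h>

/* Constructed, abbreviated schema table: a few attributes per class only. */
struct oc { const char *name; const char *attrs[8]; };
static const struct oc schema[] = {
    { "posixAccount",    { "cn", "uid", "uidNumber", "gidNumber", "homeDirectory", NULL } },
    { "sambaSamAccount", { "cn", "uid", "sambaSID", "sambaNTPassword", "sambaAcctFlags", NULL } },
};

static const struct oc *find_oc(const char *name)
{
    for (size_t i = 0; i < sizeof(schema) / sizeof(schema[0]); i++)
        if (strcmp(schema[i].name, name) == 0)
            return &schema[i];
    return NULL;
}

/* Hypothetical helper: list the attributes of class `drop` that none of the
 * classes in keep[] (NULL-terminated) also uses. Returns the count, or -1
 * when a class is unknown or out[] is too small, so the caller deletes nothing. */
int attrs_to_delete(const char *drop, const char *const *keep,
                    const char **out, size_t max)
{
    const struct oc *d = find_oc(drop);
    size_t n = 0;
    if (!d) return -1;
    for (const char *const *a = d->attrs; *a; a++) {
        int claimed = 0;
        for (const char *const *k = keep; *k && !claimed; k++) {
            const struct oc *oc = find_oc(*k);
            if (!oc) return -1;   /* cannot tell what this class needs */
            for (const char *const *b = oc->attrs; *b; b++)
                if (strcmp(*a, *b) == 0) { claimed = 1; break; }
        }
        if (claimed) continue;    /* e.g. 'cn', still needed by posixAccount */
        if (n == max) return -1;
        out[n++] = *a;
    }
    return (int)n;
}

int main(void)
{
    const char *keep[] = { "posixAccount", NULL }, *del[8];
    int n = attrs_to_delete("sambaSamAccount", keep, del, 8);
    for (int i = 0; i < n; i++) printf("delete: %s\n", del[i]);
    return n < 0;
}
```

Attribute names are compared with one fixed spelling here; LDAP attribute names are case-insensitive, so a real comparison would fold case first.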