Posix/Samba: the accounts managements

Aurélien Degrémont adegremont at idealx.com
Mon Nov 3 13:24:55 GMT 2003

Simo Sorce wrote:

>of course that shouldn't happen by default, but it would be a big help
>for many admins imo.
It may be a big help, but it's very difficult to implement. It's so 
difficult that external scripts are a very good solution, imho.

>If you have a test environment I'll propose this patch:
>if it is ok I'll commit it.

I had already made some tests with these kind of modification and it 
works fine except for one problem.
The ldapsam delete functions try to delete the samba object class 
(sambaSamAccount or sambaGroupMapping) and all of its attributes, so the 
'cn' attributes too. But, the other classes which these classes depends 
on need the 'cn' attribute too (i.e: posixAccount), so they don't like 
at all that Samba try to remove it.
So, I propose that the deletion (ldapsam_delete_entry) only remove the 
samba objetclass, and let LDAP remove the associated attributes. As the 
posixAccount needs the 'cn' attribute, LDAP will not remove it, only the 
attributes that are not claimed by the other classes.

Concerning the patches, I think all modification calls may be patched, 
not only delete_dom_user and remove_user_foreign_domain, like 
delete_group. I will test it and try to propose a patch soon.


More information about the samba-technical mailing list