[patch] migration of additional user attributes
Lars MÜLLER
lmuelle at SuSE.de
Sat Oct 30 09:31:43 GMT 2004
On Sat, Oct 30, 2004 at 10:01:40AM +1000, Andrew Bartlett wrote:
> On Fri, 2004-10-29 at 03:53, Lars MÜLLER wrote:
> >
> > the attached patch tries to migrate several informations available in
> > SAM_ACCOUNT_INFO which are not yet propageted to SAM_ACCOUNT.
> >
> > bad_pwd_count is stored as bad_password_count
> > logon_count as logon_count
> >
> > acct_expiry_time is new to SAM_ACCOUNT.
>
> How does it differ from the kickoff time?
I'm not sure. But an expired account might be never used. While a user
kicked off by kickoff time might be only kicked off once. And as we
know that there are account expiry time and kickoff time in the struct,
I would prefer to use a new variable to store the account expiry time.
> > sam_account_ok() returns with NT_STATUS_ACCOUNT_EXPIRED if the account
> > is expired.
> >
> > If delta->pwd_expired is set I manipulate must_change_time and
> > last_set_time to trigger a NT_STATUS_PASSWORD_MUST_CHANGE from a call to
> > sam_account_ok() for this user.
> >
> > Unfortunately I can't test this as I currently happily only have Linux
> > boxes available. But it compiles and links without additional warnings.
>
> Well, you will need to find that friendly DC :-)
And also someone who fixes the backends. There was already a moment
when I thought: This was to simple. ;) I'll do this next.
> > I'm not sure if this is the right approach or if I'm completely wrong.
> > But if this is the right direction I'll try to add logon_hours next.
>
> It looks pretty much how it should be, except that I suspect the
> nt_time_is_zero stuff might really be dependent on separate flags, and
> the zeros are just initialisation. (that's how it is in SAMR)
So you'll fix it in Samba 4 and then we port it back to 3. ;)
For now I'll remove the nt_time_is_zero check for the acct_expiry_time
and add a note that a zero might even have a meaning.
Lars
--
Lars MÜLLER [ˈlaː(r)z ˈmʏlɐ]
SuSE Linux AG, Maxfeldstraße 5, 90409 Nürnberg, Germany
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-technical/attachments/20041030/7e0c28ea/attachment.bin
More information about the samba-technical
mailing list