[PATCH] Add special users to Samba4 (bugzilla #4918)
Andrew Bartlett
abartlet at samba.org
Thu Aug 30 01:07:25 GMT 2007
On Sat, 2007-08-25 at 21:54 -0500, Andrew Kroeger wrote:
> Andrew Bartlett wrote:
> >> This last patch is the one that I anticipate the most feedback on.
> >> Given the special handling of the foreignSecurityPrincipal objectClass
> >> that appears to be special-cased for CN=ForeignSecurityPrincipals, I
> >> needed to add another special case for CN=WellKnows Security Principals.
> >> There may be a more general way to handle this, but I couldn't find any
> >> existing code that looked like it would help.(ldb_dn_canonical_string
> >
> > Could we do this a bit more generically: If no objectSid is present,
> > and the CN can be parsed as a SID, then use that, otherwise just apply
> > the template?
>
> I have completed integrating the wellKnown case with the original
> samldb_fill_foreignSecurityPrincipal_object() code. It should handle
> any future cases that are found with a foreignSecurityPrincipal object
> that specifies its objectSid.
>
> I am attaching 3 patch files. The first 2 (aduc-builtin-users.patch &
> samldb-typo.patch) have not changed since my initial submission, but I
> am including them to keep everything all together. Please let me know
> if you prefer I only send patches that have actually changed in the
> future. The third patch (special-users-v2.patch) implements the changes
> in a more generic way as you suggested. Ignoring indentation changes,
> it adds only 3 lines of code to
> samldb_fill_foreignSecurityPrincipal_object().
Great. Yeah, the indentation makes it looks much worse than it actually
is :-)
> I have completed my testing of the patches, and everything behaves the
> same whether I am using a Win2K3 AS server or Samba 4 with my patches
> applied.
>
> Please let me know if there are any remaining issues that I need to address.
Thankyou very much!
Andrew Bartlett
--
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Red Hat Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20070830/e8668acb/attachment.bin
More information about the samba-technical
mailing list