modification of userAccountControl according to MS-SAMR 3.1.1.8.1.
Kamen Mazdrashki
kamenim at samba.org
Thu Jan 13 16:01:34 MST 2011
On Thu, Jan 13, 2011 at 22:25, Matthias Dieter Wallnöfer <mdw at samba.org> wrote:
> Well, the related code part located in samldb.c line 920 is as follows:
>>
>> /* Step 1.5: Add additional flags when needed */
>> if ((user_account_control & UF_NORMAL_ACCOUNT) &&
>> (ldb_request_get_control(ac->req,
>> LDB_CONTROL_RELAX_OID) == NULL)) {
>> user_account_control |= UF_ACCOUNTDISABLE;
>> user_account_control |= UF_PASSWD_NOTREQD;
>>
>> ret = samdb_msg_set_uint(ldb, ac->msg,
>> ac->msg,
>>
>> "userAccountControl",
>>
>> user_account_control);
>> if (ret != LDB_SUCCESS) {
>> return ret;
>> }
>> }
>
Yep, this is the code that introduces this behavior.
> Okay, you both Anatoliy and Kamen speak about the UF_ACCOUNTDISABLE flag.
> Now the next interesting question: and the UF_PASSWD_NOTREQD flag? Is this
> also not added if "userAccountControl" is specified on add operations?
>
yes.
As I stated earlier, we pass "66080" and this is exactly the value after Add op
has passed. Neither UF_ACCOUNTDISABLE nor UF_PASSWD_NOTREQD is
specified during ldap-add.
As Andrew suggested, I will try to come back with a patch.
And I will be happy to discuss it with you.
--
CU,
Kamen Mazdrashki
Samba Team http://samba.org
http://gitweb.samba.org/?p=kamenim/samba.git;a=summary
More information about the samba-technical
mailing list