Matthieu Patou mat at
Sat May 21 05:02:49 MDT 2011

On 19/05/2011 19:50, Matthias Dieter Wallnöfer wrote:
> Hi ekacnet,
> regarding 
> htp://;a=commitdiff;h=3cfdedd9d6a4be8f229d0030900f808289effe29: 
> please don't sort out these things since the plan is to end up in 
> common LDB add and modify triggers code at some point.
Ok didn't know it, looked like some leftover, but it's more a start ...
> Second question: is the code still passing with your second 
> change?
Not quite, I changed the code to just do not change the primaryGroupID 
if you are a user because, in this case you can't get the flags
that you are a workstation or a (RO)DC and have an influence on your group.

In other case it's authorized as you will change group if you get the 

I added a unit test as well.

I guess it's pretty good now at:;a=shortlog;h=refs/heads/miscsamdb

Any comments ?


> Cheers,
> Matthias
> Matthieu Patou wrote:
>> Hello Mathias,
>> I faced some strange behavior with net setpassword and I'm pretty 
>> sure that's it's linked to samldb_user_account_control_change.
>> Are you sure that this function should be called on modify ? At least 
>> I'm sure that primaryGroupID should not be set.
>> I made a try with a user with primaryGroupID set to 513, I locked the 
>> user, when I unlock the user, Windows XP sends to a W2k8R2 DC a 
>> modify on userAccountControl but this didn't imply modifying the 
>> primaryGroupID.
>> I have the feeling that the group calculation should be done only on 
>> add not on modify.
>> So I pushed 2 patches here:
>> Matthieu.

Matthieu Patou
Samba Team
Private repo;a=summary

More information about the samba-technical mailing list