s4: new classicupgrade and uids
Sergey Urushkin
urushkin at telros.ru
Tue Jul 24 01:57:31 MDT 2012
22.06.2012 14:04, Andrew Bartlett пишет:
> On Fri, 2012-06-22 at 13:42 +0400, Sergey Urushkin wrote:
>
>
> 22.06.2012 12:11, Andrew Bartlett написал:
>>> On Thu, 2012-06-21 at 16:43 +0400, Sergey Urushkin wrote:
>>>> 2. 'Administrator' hasn't got an uidNumber (while it had it in
>>>> openldap), so it makes me map it manually. Is it a bug or feature?
>>> Simply a bug.
>> As I wrote in another branch - 'guest' is also affected. Should I write
>> report, or it'll be fixed in place soon?
Hi, here is the patch that fixes this issue:
--- upgrade.py.orig 2012-07-23 09:25:27.000000000 +0400
+++ upgrade.py 2012-07-24 11:40:58.107080685 +0400
@@ -675,8 +675,9 @@
continue
username = entry['account_name']
if entry['rid'] < 1000:
- logger.info(" Skipping wellknown rid=%d (for
username=%s)", entry['rid'], username)
- continue
+ if username.lower() != 'administrator' and username.lower()
!= 'guest' and username.lower() != 'krbtgt':
+ logger.info(" Skipping wellknown rid=%d (for
username=%s)", entry['rid'], username.lower())
+ continue
if entry['rid'] >= next_rid:
next_rid = entry['rid'] + 1
@@ -866,7 +867,11 @@
else:
logger.warn('User root has been kept in the directory,
it should be removed in favour of the Administrator user')
- s4_passdb.add_sam_account(userdata[username])
+ if username.lower() == 'administrator' or username.lower() ==
'guest' or username.lower() == 'krbtgt':
+ logger.warn(" Skipping wellknown provisioned user '%s'",
username)
+ else:
+ s4_passdb.add_sam_account(userdata[username])
+
if username in uids:
add_ad_posix_idmap_entry(result.samdb,
userdata[username].user_sid, uids[username], "ID_TYPE_UID", logger)
if (username in homes) and (homes[username] != None) and \
Also, I have to say that "if entry['rid'] < 1000:" check gives an error
at the "adding users to groups" stage (nonexisting user). Ways to solve it:
1. Stop provision with error if such accounts exist (think it's the best)
2. Add some workaround to the function that lists members
3. Remove this check.
Thanks.
--
Best regards,
Sergey Urushkin
More information about the samba-technical
mailing list