s4: new classicupgrade and uids

Sergey Urushkin urushkin at telros.ru
Tue Jul 24 01:57:31 MDT 2012


22.06.2012 14:04, Andrew Bartlett wrote:
> On Fri, 2012-06-22 at 13:42 +0400, Sergey Urushkin wrote:
>
>
> 22.06.2012 12:11, Andrew Bartlett wrote:
>>> On Thu, 2012-06-21 at 16:43 +0400, Sergey Urushkin wrote:
>>>> 2. 'Administrator' hasn't got a uidNumber (while it had it in
>>>> openldap), so it makes me map it manually. Is it a bug or feature?
>>> Simply a bug.
>> As I wrote in another branch - 'guest' is also affected. Should I write
>> a report, or will it be fixed in place soon?

Hi, here is the patch that fixes this issue:

--- upgrade.py.orig    2012-07-23 09:25:27.000000000 +0400
+++ upgrade.py    2012-07-24 11:40:58.107080685 +0400
@@ -675,8 +675,9 @@
             continue
         username = entry['account_name']
         if entry['rid'] < 1000:
-            logger.info("  Skipping wellknown rid=%d (for
username=%s)", entry['rid'], username)
-            continue
+            if username.lower() != 'administrator' and username.lower()
!= 'guest' and username.lower() != 'krbtgt':
+                logger.info("  Skipping wellknown rid=%d (for
username=%s)", entry['rid'], username.lower())
+                continue
         if entry['rid'] >= next_rid:
             next_rid = entry['rid'] + 1
 
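Review bot: inside the "if entry['rid'] < 1000:" branch the new exemption is keyed on the account name only, so any entry with rid < 1000 that carries one of these three names is kept whatever its RID actually is, and the same three-name comparison is spelled out again in the second hunk. Lowercase the name once and test membership in one shared tuple (for example "if username.lower() not in wellknown_names:", where wellknown_names is a hypothetical name), and if the intent is the built-in accounts, compare entry['rid'] as well. The log call also changes from username to username.lower(), which alters the message for accounts that are still skipped; keeping username preserves the spelling found in the source database.
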
@@ -866,7 +867,11 @@
             else:
                 logger.warn('User root has been kept in the directory,
it should be removed in favour of the Administrator user')
 
-        s4_passdb.add_sam_account(userdata[username])
+        if username.lower() == 'administrator' or username.lower() ==
'guest' or username.lower() == 'krbtgt':
+            logger.warn("  Skipping wellknown provisioned user '%s'",
username)
+        else:
+            s4_passdb.add_sam_account(userdata[username])
+
         if username in uids:
             add_ad_posix_idmap_entry(result.samdb,
userdata[username].user_sid, uids[username], "ID_TYPE_UID", logger)
             if (username in homes) and (homes[username] != None) and \
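
Review bot: after the new branch skips s4_passdb.add_sam_account() for 'administrator', 'guest' and 'krbtgt', the unchanged "if username in uids:" block still calls add_ad_posix_idmap_entry() with userdata[username].user_sid, which is the SID taken from the old database. Nothing in this hunk checks that this SID belongs to the account that provisioning created, since the test is on the name alone, so the uid can end up mapped to a SID with no matching account. Either confirm the RID before skipping, or look up the provisioned account's SID in result.samdb and pass that to the idmap call. A one-line comment saying why these accounts are not re-added would help, and logger.warn is loud for a condition the patch treats as expected.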


Also, I have to say that the "if entry['rid'] < 1000:" check gives an error
at the "adding users to groups" stage (nonexistent user). Ways to solve it:
 1. Stop provision with error if such accounts exist (I think it's the best)
 2. Add some workaround to the function that lists members
 3. Remove this check.

Thanks.

-- 
Best regards,
Sergey Urushkin


