[PATCH] samba-tool group addmembers

Alexander Bokovoy ab at samba.org
Fri Jun 9 09:51:40 UTC 2017 

On to, 08 kesä 2017, Alexander Bokovoy via samba-technical wrote:
> On ke, 07 kesä 2017, Rowland Penny via samba-technical wrote:
> > From 27996c250993b93d0dfc4ed7ad9dbb43e9869fa1 Mon Sep 17 00:00:00 2001
> > From: Rowland Penny <rpenny at samba.org>
> > Date: Wed, 7 Jun 2017 15:57:53 +0100
> > Subject: [PATCH] samba-tool: You cannot add members to a group if the member 
> >  exists as a sAMAccountName and a CN.
> > 
> > Signed-off-by: Rowland Penny <rpenny at samba.org>
> > ---
> >  python/samba/netcmd/group.py | 2 ++
> >  python/samba/samdb.py        | 9 ++++++---
> >  2 files changed, 8 insertions(+), 3 deletions(-)
> > 
> > diff --git a/python/samba/netcmd/group.py b/python/samba/netcmd/group.py
> > index 11f8773..b9d6add 100644
> > --- a/python/samba/netcmd/group.py
> > +++ b/python/samba/netcmd/group.py
> > @@ -199,6 +199,8 @@ This command adds one or more members to an existing Active Directory group. The
> >  
> >  When a member is added to a group the member may inherit permissions and rights from the group.  Likewise, when permission or rights of a group are changed, the changes may reflect in the members through inheritance.
> >  
> > +The member names specified on the command must be the sAMaccountName.
> > +
> >  Example1:
> >  samba-tool group addmembers supergroup Group1,Group2,User1 -H ldap://samba.samdom.example.com -Uadministrator%passw0rd
> >  
> > diff --git a/python/samba/samdb.py b/python/samba/samdb.py
> > index 19dd8e9..719bb8b 100644
> > --- a/python/samba/samdb.py
> > +++ b/python/samba/samdb.py
> > @@ -266,9 +266,12 @@ changetype: modify
> >  """ % (str(targetgroup[0].dn))
> >  
> >              for member in members:
> > -                targetmember = self.search(base=self.domain_dn(), scope=ldb.SCOPE_SUBTREE,
> > -                                    expression="(|(sAMAccountName=%s)(CN=%s))" % (
> > -                    ldb.binary_encode(member), ldb.binary_encode(member)), attrs=[])
> > +                filter = ('(&(sAMAccountName=%s)(|(objectclass=user)'
> > +                          '(objectclass=group)))' % ldb.binary_encode(member))
> > +                targetmember = self.search(base=self.domain_dn(),
> > +                                           scope=ldb.SCOPE_SUBTREE,
> > +                                           expression="%s" % filter,
> > +                                           attrs=[])
> >  
> >                  if len(targetmember) != 1:
> >                      raise Exception('Unable to find "%s". Operation cancelled.' % member)
> > -- 
> > 2.1.4
> > 
> RB+.
Note that I pushed this change late last night and it is still waiting
in the queue. I *hope* my autobuild gets through.
-- 
/ Alexander Bokovoy

More information about the samba-technical mailing list