[PATCH] libads - Add net ads leave --keep-account option
Andrew Bartlett
abartlet at samba.org
Sat Jul 7 00:44:22 UTC 2018
On Fri, 2018-07-06 at 17:44 +0200, Ralph Böhme via samba-technical
wrote:
> On Fri, Jul 06, 2018 at 05:13:42PM +0200, Andreas Schneider wrote:
> > On Friday, 6 July 2018 17:02:47 CEST Ralph Böhme via samba-technical wrote:
> > > On Fri, Jun 29, 2018 at 10:26:13AM -0400, Justin Stephenson via samba-
> >
> > technical wrote:
> > > > Please see attached patch to add the --keep-account net ads leave argument,
> > > > allowing to leave the domain without removing the machine account object.
> > >
> > > I'm not sure I understand how the test can work. It uses local ldbsearch to
> > > check the account is still there after an net ads leave --keep-account. How
> > > can the ldbsearch work on a member?
> >
> > source4/selftest/tests.py
> > 439:plantestsuite("samba4.blackbox.net_ads(ad_dc:client)", "ad_dc:client",
> > [os.path.join(bbdir, "test_net_ads.sh"), '$DC_SERVER', '$DC_USERNAME',
> > '$DC_PASSWORD', '$PREFIX_ABS'])
> >
> > The env is an 'ad_dc' client. So we have access to the ad_dc ldb files because
> > we are in the matrix! ;-)
>
> :)
>
> > Better ideas to verify that the account exits are welcome.
>
> Just go over LDAP?
Yes, it just needs to change to use ldap:// for the ldbsearch, with the
admin username and PW, rather than a direct file path.
Otherwise looks like a reasonable test.
The test runs in ad_dc:client, which means it gets variables about the
AD DC, but is a client. You only find the sam.ldb if you try to work
out the path (and we try not to do that, which so thanks for those who
spotted that).
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
More information about the samba-technical
mailing list