[PATCH] libads - Add net ads leave --keep-account option

Justin Stephenson jstephen at redhat.com
Mon Jul 9 13:16:14 UTC 2018 

Thank you for the suggestions, I updated the ldbsearch to use the -H
ldap:// URL connection and providing the credentials - updated patch
attached.

Kind regards,
Justin Stephenson

On Fri, Jul 6, 2018 at 8:44 PM, Andrew Bartlett <abartlet at samba.org> wrote:

> On Fri, 2018-07-06 at 17:44 +0200, Ralph Böhme via samba-technical
> wrote:
> > On Fri, Jul 06, 2018 at 05:13:42PM +0200, Andreas Schneider wrote:
> > > On Friday, 6 July 2018 17:02:47 CEST Ralph Böhme via samba-technical
> wrote:
> > > > On Fri, Jun 29, 2018 at 10:26:13AM -0400, Justin Stephenson via
> samba-
> > >
> > > technical wrote:
> > > > > Please see attached patch to add the --keep-account net ads leave
> argument,
> > > > > allowing to leave the domain without removing the machine account
> object.
> > > >
> > > > I'm not sure I understand how the test can work. It uses local
> ldbsearch to
> > > > check the account is still there after an net ads leave
> --keep-account. How
> > > > can the ldbsearch work on a member?
> > >
> > > source4/selftest/tests.py
> > > 439:plantestsuite("samba4.blackbox.net_ads(ad_dc:client)",
> "ad_dc:client",
> > > [os.path.join(bbdir, "test_net_ads.sh"), '$DC_SERVER', '$DC_USERNAME',
> > > '$DC_PASSWORD', '$PREFIX_ABS'])
> > >
> > > The env is an 'ad_dc' client. So we have access to the ad_dc ldb files
> because
> > > we are in the matrix! ;-)
> >
> > :)
> >
> > > Better ideas to verify that the account exits are welcome.
> >
> > Just go over LDAP?
>
> Yes, it just needs to change to use ldap:// for the ldbsearch, with the
> admin username and PW, rather than a direct file path.
>
> Otherwise looks like a reasonable test.
>
> The test runs in ad_dc:client, which means it gets variables about the
> AD DC, but is a client.  You only find the sam.ldb if you try to work
> out the path (and we try not to do that, which so thanks for those who
> spotted that).
>
> Andrew Bartlett
>
> --
> Andrew Bartlett                       http://samba.org/~abartlet/
> Authentication Developer, Samba Team  http://samba.org
> Samba Developer, Catalyst IT          http://catalyst.net.nz/
> services/samba
>
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: net-ads-leave-keep-account.patch
Type: text/x-patch
Size: 5125 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20180709/92da2a85/net-ads-leave-keep-account.bin>

More information about the samba-technical mailing list