Missing sambaAcctFlags after vampire
Don Watson
dwwatson at us.ibm.com
Tue Aug 9 08:54:12 GMT 2005
I am running Samba Version 3.0.20rc1-SVN-build-8475 on SLES9. After vampiring
to an ldap backend from an NT4 domain, I discovered that some users are
missing the sambaAcctFlags entry. Specifically, those users created on the
NT4 domain with the attribute "User Must Change Password at Next Logon" are
missing the entry.
The reason appears to be in init_ldap_from_sam (passdb/pdb_ldap.c);
need_update (which is really the IS_SAM_CHANGED macro) returns false in the
above case. This means no mod is set up, and the call to ldap
(ldap_modify_s) does not add the sambaAcctFlags entry when creating the
account.
I have attached a patch with a simple fix, which is to remove the need_update
check for PDB_ACCTCTRL in init_ldap_from_sam, thereby forcing the mod. I
have tested the fix and it does not seem to cause unwanted side effects.
However, it may violate a conscious design decision of which I am unaware.
Of course, the whole problem could just be a case of user malfunction :-) If
so, let me know.
--
Don Watson
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pdb_ldap.c.patch
Type: text/x-diff
Size: 525 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-technical/attachments/20050809/15aa537c/pdb_ldap.c.bin
More information about the samba-technical
mailing list