author | Matthias Dieter Wallnöfer <mdw@samba.org> | 2010-09-15 15:19:38 +0200 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2010-09-24 09:25:42 +1000 |
commit | 679eb33e798efbfdaebb9cf0cd3977bb945e8075 (patch) | |
tree | da1f7d447012a57b0f0c84c5a687c892c9794ab8 /source4 | |
parent | 2e913994f2455019a3b99cb19df2f319b7218e17 (diff) | |
s4:samldb LDB module - it isn't allowed to create user/computer accounts with a primary group specified
It can only be changed afterwards. We allow a "relax"ed exception for the
provision state since we need this for the guest account.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'source4')
-rw-r--r-- | source4/dsdb/samdb/ldb_modules/samldb.c | 4 | ||||
-rwxr-xr-x | source4/dsdb/tests/python/ldap.py | 19 |
2 files changed, 13 insertions, 10 deletions
diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c
index d23031522d..e7e84b2e3b 100644
--- a/source4/dsdb/samdb/ldb_modules/samldb.c
+++ b/source4/dsdb/samdb/ldb_modules/samldb.c
@@ -269,6 +269,10 @@ static int samldb_check_primaryGroupID(struct samldb_ctx *ac)
 if (ret != LDB_SUCCESS) {
 return ret;
 }
+ } else if (!ldb_request_get_control(ac->req, LDB_CONTROL_RELAX_OID)) {
+ ldb_set_errstring(ldb,
+ "The primary group isn't settable on add operations!");
+ return LDB_ERR_UNWILLING_TO_PERFORM;
 }
 sid = dom_sid_add_rid(ac, samdb_domain_sid(ldb), rid);
diff --git a/source4/dsdb/tests/python/ldap.py b/source4/dsdb/tests/python/ldap.py
index d2aeeb1a12..82b5de2147 100755
--- a/source4/dsdb/tests/python/ldap.py
+++ b/source4/dsdb/tests/python/ldap.py
@@ -1240,16 +1240,15 @@ objectClass: container
 self.delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
 # Try to Create a user with a valid primary group
-# TODO Some more investigation needed here
-# try:
-# ldb.add({
-# "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
-# "objectclass": ["user", "person"],
-# "primaryGroupID": str(group_rid_1)})
-# self.fail()
-# except LdbError, (num, _):
-# self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
-# self.delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
+ try:
+ ldb.add({
+ "dn": "cn=ldaptestuser,cn=users," + self.base_dn,
+ "objectclass": ["user", "person"],
+ "primaryGroupID": str(group_rid_1)})
+ self.fail()
+ except LdbError, (num, _):
+ self.assertEquals(num, ERR_UNWILLING_TO_PERFORM)
+ self.delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
 # Test to see how we should behave when the user account doesn't
 # exist
|
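Review bot: The exemption on the new `else if` branch keys only on the presence of `LDB_CONTROL_RELAX_OID` on the request, whereas the commit message limits the exception to the provision state; nothing visible in the hunk ties the control to provisioning or to a trusted caller. If the relax control can be attached by a remote LDAP client and still reach this module, that client could set `primaryGroupID` at add time, so it is worth confirming where the control is filtered for untrusted requests. I would at least document the intent above the branch, e.g. `/* relax control: needed by provision for the guest account; must not be honoured for untrusted clients */`. The body of samldb_check_primaryGroupID starts before and continues after the hunk, so the condition of the preceding `if` is not visible here.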
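Review bot: The re-enabled test pins only the rejection path (`ERR_UNWILLING_TO_PERFORM`); the relaxed exception that the same commit adds in samldb.c has no coverage in this hunk. A companion case that performs the same add with the relax control set and asserts the intended outcome would keep that bypass from widening unnoticed; until then a marker such as `# TODO: also cover the add with the relax control set` next to this block would record the gap. The enclosing test method starts and ends outside the hunk.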