authorMatthias Dieter Wallnöfer <mwallnoefer@yahoo.de>2009-09-06 21:08:08 +0200
committerMatthias Dieter Wallnöfer <mwallnoefer@yahoo.de>2009-09-07 08:37:23 +0200
commit353481daa2497f52c8eec6d760981f17a5f528ca (patch)
tree4bc940eb84b7a27cfa7bca0e8fc59ca88c420274 /source4
parent931aa4e8bd83e515b992d3df726c5804d941de64 (diff)
s4:provision - Add a new delete function only for users and computers
We need this new function to delete users and computers before other objects on reprovisioning. Otherwise primary groups could be deleted before user/computer accounts (which isn't allowed anymore by the reworked "samldb" module).
Diffstat (limited to 'source4')
-rw-r--r--source4/scripting/python/samba/__init__.py25
1 files changed, 25 insertions, 0 deletions
diff --git a/source4/scripting/python/samba/__init__.py b/source4/scripting/python/samba/__init__.py
index 720a015c63..fe365bdf94 100644
--- a/source4/scripting/python/samba/__init__.py
+++ b/source4/scripting/python/samba/__init__.py
@@ -132,9 +132,32 @@ class Ldb(ldb.Ldb):
assert len(values) == 1
return self.schema_format_value(attribute, values.pop())
+ def erase_users_computers(self, dn):
+ """Erases user and computer objects from our AD. This is needed since the 'samldb' module denies the deletion of primary groups. Therefore all groups shouldn't be primary somewhere anymore."""
+
+ try:
+ res = self.search(base=dn, scope=ldb.SCOPE_SUBTREE, attrs=[],
+ expression="(|(objectclass=user)(objectclass=computer))")
+ except ldb.LdbError, (ldb.ERR_NO_SUCH_OBJECT, _):
+ # Ignore no such object errors
+ return
+ pass
+
+ try:
+ for msg in res:
+ self.delete(msg.dn)
+ except ldb.LdbError, (ldb.ERR_NO_SUCH_OBJECT, _):
+ # Ignore no such object errors
+ return
+
def erase_except_schema_controlled(self):
"""Erase this ldb, removing all records, except those that are controlled by Samba4's schema."""
+
basedn = ""
+
+ # Try to delete user/computer accounts to allow deletion of groups
+ self.erase_users_computers(basedn)
+
# Delete the 'visible' records, and the invisble 'deleted' records (if this DB supports it)
for msg in self.search(basedn, ldb.SCOPE_SUBTREE,
"(&(|(objectclass=*)(distinguishedName=*))(!(distinguishedName=@BASEINFO)))",
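Review bot: Both handlers in `erase_users_computers` are written `except ldb.LdbError, (ldb.ERR_NO_SUCH_OBJECT, _):`, and in Python 2 that tuple is an assignment target rather than a filter, so every LdbError is swallowed (access denied, a samldb refusal, a constraint violation) and the error number is unpacked into `ldb.ERR_NO_SUCH_OBJECT`, which appears to overwrite the module constant for the rest of the process. The second `try` also wraps the whole `for` loop, so the first failed delete returns and leaves the remaining user/computer accounts in place without any signal to the caller; the `pass` after `return` is dead code. I would unpack into a local name, re-raise anything that is not no-such-object, and move the `try` inside the loop, as sketched below. If best-effort deletion is intended for the call sites in `erase_except_schema_controlled` and in the later hunk (@@ -199,6 +222,8), the handler could log and continue instead of raising, but it should still not rebind the constant.

```python
def erase_users_computers(self, dn):
    # … unchanged: docstring …
    try:
        # … unchanged: res = self.search(...) …
    except ldb.LdbError, (num, _):
        if num != ldb.ERR_NO_SUCH_OBJECT:
            raise
        # Base DN does not exist: nothing to delete
        return

    for msg in res:
        try:
            self.delete(msg.dn)
        except ldb.LdbError, (num, _):
            # An entry that vanished in the meantime is fine; any other
            # failure must reach the caller instead of ending the loop
            if num != ldb.ERR_NO_SUCH_OBJECT:
                raise
```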
@@ -199,6 +222,8 @@ class Ldb(ldb.Ldb):
if not "namingContexts" in res[0]:
return
for basedn in res[0]["namingContexts"]:
+ # Try to delete user/computer accounts to allow deletion of groups
+ self.erase_users_computers(basedn)
# Try and erase from the bottom-up in the tree
erase_recursive(self, basedn)