diff options
author | Matthias Dieter Wallnöfer <mwallnoefer@yahoo.de> | 2009-09-06 21:08:08 +0200 |
---|---|---|
committer | Matthias Dieter Wallnöfer <mwallnoefer@yahoo.de> | 2009-09-07 08:37:23 +0200 |
commit | 353481daa2497f52c8eec6d760981f17a5f528ca (patch) | |
tree | 4bc940eb84b7a27cfa7bca0e8fc59ca88c420274 /source4 | |
parent | 931aa4e8bd83e515b992d3df726c5804d941de64 (diff) | |
download | samba-353481daa2497f52c8eec6d760981f17a5f528ca.tar.gz samba-353481daa2497f52c8eec6d760981f17a5f528ca.tar.bz2 samba-353481daa2497f52c8eec6d760981f17a5f528ca.zip |
s4:provision - Add a new delete function only for users and computers
We need this new function to delete users and computers before other objects
on reprovisioning. Otherwise primary groups could be deleted before user/computer
accounts (which isn't allowed anymore by the reworked "samldb" module).
Diffstat (limited to 'source4')
-rw-r--r-- | source4/scripting/python/samba/__init__.py | 25 |
1 files changed, 25 insertions, 0 deletions
diff --git a/source4/scripting/python/samba/__init__.py b/source4/scripting/python/samba/__init__.py index 720a015c63..fe365bdf94 100644 --- a/source4/scripting/python/samba/__init__.py +++ b/source4/scripting/python/samba/__init__.py @@ -132,9 +132,32 @@ class Ldb(ldb.Ldb): assert len(values) == 1 return self.schema_format_value(attribute, values.pop()) + def erase_users_computers(self, dn): + """Erases user and computer objects from our AD. This is needed since the 'samldb' module denies the deletion of primary groups. Therefore all groups shouldn't be primary somewhere anymore.""" + + try: + res = self.search(base=dn, scope=ldb.SCOPE_SUBTREE, attrs=[], + expression="(|(objectclass=user)(objectclass=computer))") + except ldb.LdbError, (ldb.ERR_NO_SUCH_OBJECT, _): + # Ignore no such object errors + return + pass + + try: + for msg in res: + self.delete(msg.dn) + except ldb.LdbError, (ldb.ERR_NO_SUCH_OBJECT, _): + # Ignore no such object errors + return + def erase_except_schema_controlled(self): """Erase this ldb, removing all records, except those that are controlled by Samba4's schema.""" + basedn = "" + + # Try to delete user/computer accounts to allow deletion of groups + self.erase_users_computers(basedn) + # Delete the 'visible' records, and the invisble 'deleted' records (if this DB supports it) for msg in self.search(basedn, ldb.SCOPE_SUBTREE, "(&(|(objectclass=*)(distinguishedName=*))(!(distinguishedName=@BASEINFO)))", @@ -199,6 +222,8 @@ class Ldb(ldb.Ldb): if not "namingContexts" in res[0]: return for basedn in res[0]["namingContexts"]: + # Try to delete user/computer accounts to allow deletion of groups + self.erase_users_computers(basedn) # Try and erase from the bottom-up in the tree erase_recursive(self, basedn) |