diff options
-rw-r--r-- | source4/scripting/python/samba/upgrade.py | 34 |
1 files changed, 32 insertions, 2 deletions
diff --git a/source4/scripting/python/samba/upgrade.py b/source4/scripting/python/samba/upgrade.py index 7055d0d673..85c2c8c6fa 100644 --- a/source4/scripting/python/samba/upgrade.py +++ b/source4/scripting/python/samba/upgrade.py @@ -85,6 +85,36 @@ def import_sam_policy(samdb, policy, logger): logger.warn("Could not set account policy, (%s)", str(e)) +def add_ad_posix_idmap_entry(samdb, sid, xid, xid_type, logger): + """Create idmap entry + + :param samdb: Samba4 sam.ldb database + :param sid: user/group sid + :param xid: user/group id + :param xid_type: type of id (ID_TYPE_UID/ID_TYPE_GID) + :param logger: Logger object + """ + + try: + m = ldb.Message() + m.dn = ldb.Dn(samdb, "<SID=%s>" % str(sid)) + if xid_type == "ID_TYPE_UID": + m['uidNumber'] = ldb.MessageElement( + str(xid), ldb.FLAG_MOD_REPLACE, 'uidNumber') + m['objectClass'] = ldb.MessageElement( + "posixAccount", ldb.FLAG_MOD_ADD, 'objectClass') + elif xid_type == "ID_TYPE_GID": + m['gidNumber'] = ldb.MessageElement( + str(xid), ldb.FLAG_MOD_REPLACE, 'gidNumber') + m['objectClass'] = ldb.MessageElement( + "posixGroup", ldb.FLAG_MOD_ADD, 'objectClass') + + samdb.modify(m) + except ldb.LdbError, e: + logger.warn( + 'Could not modify AD idmap entry for sid=%s, id=%s, type=%s (%s)', + str(sid), str(xid), xid_type, str(e)) + def add_idmap_entry(idmapdb, sid, xid, xid_type, logger): """Create idmap entry @@ -710,8 +740,8 @@ Please fix this account before attempting to upgrade again for g in grouplist: # Ignore uninitialized groups (gid = -1) if g.gid != -1: - add_idmap_entry(result.idmap, g.sid, g.gid, "ID_TYPE_GID", logger) add_group_from_mapping_entry(result.samdb, g, logger) + add_ad_posix_idmap_entry(result.samdb, g.sid, g.gid, "ID_TYPE_GID", logger) # Export users to samba4 backend logger.info("Importing users") @@ -720,7 +750,7 @@ Please fix this account before attempting to upgrade again continue s4_passdb.add_sam_account(userdata[username]) if username in uids: - add_idmap_entry(result.idmap, userdata[username].user_sid, uids[username], "ID_TYPE_UID", logger) + add_ad_posix_idmap_entry(result.samdb, userdata[username].user_sid, uids[username], "ID_TYPE_UID", logger) logger.info("Adding users to groups") for g in grouplist: |