-rw-r--r--source4/scripting/python/samba/upgrade.py34
1 files changed, 32 insertions, 2 deletions
diff --git a/source4/scripting/python/samba/upgrade.py b/source4/scripting/python/samba/upgrade.py
index 7055d0d673..85c2c8c6fa 100644
--- a/source4/scripting/python/samba/upgrade.py
+++ b/source4/scripting/python/samba/upgrade.py
@@ -85,6 +85,36 @@ def import_sam_policy(samdb, policy, logger):
logger.warn("Could not set account policy, (%s)", str(e))
+def add_ad_posix_idmap_entry(samdb, sid, xid, xid_type, logger):
+ """Create idmap entry
+
+ :param samdb: Samba4 sam.ldb database
+ :param sid: user/group sid
+ :param xid: user/group id
+ :param xid_type: type of id (ID_TYPE_UID/ID_TYPE_GID)
+ :param logger: Logger object
+ """
+
+ try:
+ m = ldb.Message()
+ m.dn = ldb.Dn(samdb, "<SID=%s>" % str(sid))
+ if xid_type == "ID_TYPE_UID":
+ m['uidNumber'] = ldb.MessageElement(
+ str(xid), ldb.FLAG_MOD_REPLACE, 'uidNumber')
+ m['objectClass'] = ldb.MessageElement(
+ "posixAccount", ldb.FLAG_MOD_ADD, 'objectClass')
+ elif xid_type == "ID_TYPE_GID":
+ m['gidNumber'] = ldb.MessageElement(
+ str(xid), ldb.FLAG_MOD_REPLACE, 'gidNumber')
+ m['objectClass'] = ldb.MessageElement(
+ "posixGroup", ldb.FLAG_MOD_ADD, 'objectClass')
+
+ samdb.modify(m)
+ except ldb.LdbError, e:
+ logger.warn(
+ 'Could not modify AD idmap entry for sid=%s, id=%s, type=%s (%s)',
+ str(sid), str(xid), xid_type, str(e))
+
def add_idmap_entry(idmapdb, sid, xid, xid_type, logger):
"""Create idmap entry
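Review bot: An `xid_type` other than "ID_TYPE_UID" or "ID_TYPE_GID" falls through both branches of add_ad_posix_idmap_entry and still reaches `samdb.modify(m)` with a message that carries only a DN, so the object gets no POSIX id and nothing is logged. An explicit `else:` that warns with the sid and the unexpected type, then returns before the modify, would make that case visible. The `objectClass` element uses `ldb.FLAG_MOD_ADD` in the same message as the id replace; if the object already carries posixAccount/posixGroup (for example on a re-run) the whole modify is likely to be rejected and the id not written either, which is worth confirming. The docstring repeats the "Create idmap entry" summary of add_idmap_entry; something like `"""Set uidNumber/gidNumber and the posix objectClass on the AD object identified by sid."""` would tell the two apart.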
@@ -710,8 +740,8 @@ Please fix this account before attempting to upgrade again
for g in grouplist:
# Ignore uninitialized groups (gid = -1)
if g.gid != -1:
- add_idmap_entry(result.idmap, g.sid, g.gid, "ID_TYPE_GID", logger)
add_group_from_mapping_entry(result.samdb, g, logger)
+ add_ad_posix_idmap_entry(result.samdb, g.sid, g.gid, "ID_TYPE_GID", logger)
# Export users to samba4 backend
logger.info("Importing users")
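Review bot: With add_idmap_entry removed here and in the user loop of the next hunk, the uid/gid mapping now exists only if the modify on result.samdb succeeds, and add_ad_posix_idmap_entry turns an ldb.LdbError into a warning. An account whose modify failed would then presumably receive a freshly allocated id at runtime, so the files it owned before the upgrade would belong to a different Unix id. Consider collecting the failed sids and reporting them at the end of the upgrade, or falling back to the idmap.ldb entry when the AD write fails. Whether the server reads uidNumber/gidNumber from the directory at all depends on idmap configuration that this diff does not show (in Samba 4 this is the `idmap_ldb:use rfc2307` setting), so a comment naming the setting this relies on would help. The only check on the imported ids is `g.gid != -1`; `uids[username]` is written as given.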
@@ -720,7 +750,7 @@ Please fix this account before attempting to upgrade again
continue
s4_passdb.add_sam_account(userdata[username])
if username in uids:
- add_idmap_entry(result.idmap, userdata[username].user_sid, uids[username], "ID_TYPE_UID", logger)
+ add_ad_posix_idmap_entry(result.samdb, userdata[username].user_sid, uids[username], "ID_TYPE_UID", logger)
logger.info("Adding users to groups")
for g in grouplist: