summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source4/scripting/python/samba/__init__.py25
1 files changed, 25 insertions, 0 deletions
diff --git a/source4/scripting/python/samba/__init__.py b/source4/scripting/python/samba/__init__.py
index 720a015c63..fe365bdf94 100644
--- a/source4/scripting/python/samba/__init__.py
+++ b/source4/scripting/python/samba/__init__.py
@@ -132,9 +132,32 @@ class Ldb(ldb.Ldb):
assert len(values) == 1
return self.schema_format_value(attribute, values.pop())
+ def erase_users_computers(self, dn):
+ """Erases user and computer objects from our AD. This is needed since the 'samldb' module denies the deletion of primary groups. Therefore all groups shouldn't be primary somewhere anymore."""
+
+ try:
+ res = self.search(base=dn, scope=ldb.SCOPE_SUBTREE, attrs=[],
+ expression="(|(objectclass=user)(objectclass=computer))")
+ except ldb.LdbError, (ldb.ERR_NO_SUCH_OBJECT, _):
+ # Ignore no such object errors
+ return
+ pass
+
+ try:
+ for msg in res:
+ self.delete(msg.dn)
+ except ldb.LdbError, (ldb.ERR_NO_SUCH_OBJECT, _):
+ # Ignore no such object errors
+ return
+
def erase_except_schema_controlled(self):
"""Erase this ldb, removing all records, except those that are controlled by Samba4's schema."""
+
basedn = ""
+
+ # Try to delete user/computer accounts to allow deletion of groups
+ self.erase_users_computers(basedn)
+
# Delete the 'visible' records, and the invisble 'deleted' records (if this DB supports it)
for msg in self.search(basedn, ldb.SCOPE_SUBTREE,
"(&(|(objectclass=*)(distinguishedName=*))(!(distinguishedName=@BASEINFO)))",
@@ -199,6 +222,8 @@ class Ldb(ldb.Ldb):
if not "namingContexts" in res[0]:
return
for basedn in res[0]["namingContexts"]:
+ # Try to delete user/computer accounts to allow deletion of groups
+ self.erase_users_computers(basedn)
# Try and erase from the bottom-up in the tree
erase_recursive(self, basedn)