Diffstat (limited to 'source3/passdb/pdb_ldap.c')
-rw-r--r--source3/passdb/pdb_ldap.c94
1 files changed, 61 insertions, 33 deletions
diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c
index b23b7286ea..4abc7b569c 100644
--- a/source3/passdb/pdb_ldap.c
+++ b/source3/passdb/pdb_ldap.c
@@ -1533,11 +1533,12 @@ Initialize SAM_ACCOUNT from an LDAP query (unix attributes only)
*********************************************************************/
static BOOL get_unix_attributes (struct ldapsam_privates *ldap_state,
SAM_ACCOUNT * sampass,
- LDAPMessage * entry,
- gid_t *gid)
+ LDAPMessage * entry)
{
pstring homedir;
pstring temp;
+ uid_t uid;
+ gid_t gid;
char **ldap_values;
char **values;
@@ -1562,12 +1563,19 @@ static BOOL get_unix_attributes (struct ldapsam_privates *ldap_state,
if (!get_single_attribute(ldap_state->ldap_struct, entry, "homeDirectory", homedir))
return False;
+ if (!get_single_attribute(ldap_state->ldap_struct, entry, "uidNumber", temp))
+ return False;
+
+ uid = (uid_t)atol(temp);
+
if (!get_single_attribute(ldap_state->ldap_struct, entry, "gidNumber", temp))
return False;
gid = (gid_t)atol(temp);
pdb_set_unix_homedir(sampass, homedir, PDB_SET);
+ pdb_set_uid(sampass, uid, PDB_SET);
+ pdb_set_gid(sampass, gid, PDB_SET);
DEBUG(10, ("user has posixAcccount attributes\n"));
return True;
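Review bot: The added `uid = (uid_t)atol(temp);` turns a directory-supplied string into a Unix uid with no validation. `atol` returns 0 for an empty or non-numeric value, so a malformed `uidNumber` would be stored as uid 0 by the `pdb_set_uid` call added below. The value should be parsed with `strtoul`, and the entry rejected if it is not a plain decimal number. The existing `gid = (gid_t)atol(temp);` line has the same weakness and now also feeds `pdb_set_gid`, so it needs the same check. The function starts in the previous hunk and its closing brace is outside this one.
```c
	char *end;
	unsigned long id;
	/* … unchanged: homeDirectory lookup … */
	if (!get_single_attribute(ldap_state->ldap_struct, entry, "uidNumber", temp))
		return False;

	errno = 0;
	id = strtoul(temp, &end, 10);
	if (!isdigit((unsigned char)temp[0]) || *end != '\0' || errno == ERANGE) {
		DEBUG(2, ("get_unix_attributes: rejecting invalid uidNumber [%s]\n", temp));
		return False;
	}
	uid = (uid_t)id;
	/* … unchanged: gidNumber lookup, which needs the same check … */
```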
@@ -1609,7 +1617,8 @@ static BOOL init_sam_from_ldap (struct ldapsam_privates *ldap_state,
uint8 hours[MAX_HOURS_LEN];
pstring temp;
uid_t uid = -1;
- gid_t gid = getegid();
+ gid_t gid = getegid();
+
/*
* do a little initialization
@@ -1681,17 +1690,40 @@ static BOOL init_sam_from_ldap (struct ldapsam_privates *ldap_state,
* If so configured, try and get the values from LDAP
*/
- if (!lp_ldap_trust_ids() && (get_unix_attributes(ldap_state, sampass, entry, &gid))) {
+ if (!lp_ldap_trust_ids() || (!get_unix_attributes(ldap_state, sampass, entry))) {
- if (pdb_get_init_flags(sampass,PDB_GROUPSID) == PDB_DEFAULT) {
- GROUP_MAP map;
- /* call the mapping code here */
- if(pdb_getgrgid(&map, gid, MAPPING_WITHOUT_PRIV)) {
- pdb_set_group_sid(sampass, &map.sid, PDB_SET);
- }
- else {
- pdb_set_group_sid_from_rid(sampass, pdb_gid_to_group_rid(gid), PDB_SET);
+ /*
+ * Otherwise just ask the system getpw() calls.
+ */
+
+ pw = getpwnam_alloc(username);
+ if (pw == NULL) {
+ if (! ldap_state->permit_non_unix_accounts) {
+ DEBUG (2,("init_sam_from_ldap: User [%s] does not exist via system getpwnam!\n", username));
+ return False;
}
+ } else {
+ uid = pw->pw_uid;
+ pdb_set_uid(sampass, uid, PDB_SET);
+ gid = pw->pw_gid;
+ pdb_set_gid(sampass, gid, PDB_SET);
+
+ pdb_set_unix_homedir(sampass, pw->pw_dir, PDB_SET);
+
+ passwd_free(&pw);
+ }
+ }
+
+ if ((pdb_get_init_flags(sampass,PDB_GROUPSID) == PDB_DEFAULT)
+ && (pdb_get_init_flags(sampass,PDB_GID) != PDB_DEFAULT)) {
+ GROUP_MAP map;
+ gid = pdb_get_gid(sampass);
+ /* call the mapping code here */
+ if(pdb_getgrgid(&map, gid, MAPPING_WITHOUT_PRIV)) {
+ pdb_set_group_sid(sampass, &map.sid, PDB_SET);
+ }
+ else {
+ pdb_set_group_sid_from_rid(sampass, pdb_gid_to_group_rid(gid), PDB_SET);
}
}
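Review bot: The new condition `!lp_ldap_trust_ids() || (!get_unix_attributes(...))` sends two different cases into the same `getpwnam_alloc` branch, and nothing in the hunk records which one happened. When `ldap trust ids` is on but the entry has missing or unusable posix attributes, the account silently takes its uid, gid and home directory from the local passwd database rather than the directory the administrator chose to trust. The failure returns visible in `get_unix_attributes` do not log either, so the source of an account's ids cannot be audited afterwards. I would log the fallback at the top of the branch, for example `if (lp_ldap_trust_ids()) DEBUG(3, ("init_sam_from_ldap: no usable posixAccount attributes for [%s], falling back to getpwnam\n", username));`. The retained comment "If so configured, try and get the values from LDAP" should also be reworded, because the body it introduces is now the non-LDAP path. `init_sam_from_ldap` starts and ends outside this hunk.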
@@ -3069,7 +3101,7 @@ static NTSTATUS ldapsam_enum_group_mapping(struct pdb_methods *methods,
return NT_STATUS_OK;
}
-static NTSTATUS pdb_init_ldapsam_common(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, const char *location)
+static NTSTATUS pdb_init_ldapsam(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, const char *location)
{
NTSTATUS nt_status;
struct ldapsam_privates *ldap_state;
@@ -3133,7 +3165,7 @@ static NTSTATUS pdb_init_ldapsam_compat(PDB_CONTEXT *pdb_context, PDB_METHODS **
NTSTATUS nt_status;
struct ldapsam_privates *ldap_state;
- if (!NT_STATUS_IS_OK(nt_status = pdb_init_ldapsam_common(pdb_context, pdb_method, location))) {
+ if (!NT_STATUS_IS_OK(nt_status = pdb_init_ldapsam(pdb_context, pdb_method, location))) {
return nt_status;
}
@@ -3165,54 +3197,50 @@ static NTSTATUS pdb_init_ldapsam_compat(PDB_CONTEXT *pdb_context, PDB_METHODS **
return NT_STATUS_OK;
}
-static NTSTATUS pdb_init_ldapsam(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, const char *location)
+static NTSTATUS pdb_init_ldapsam_nua(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, const char *location)
{
NTSTATUS nt_status;
struct ldapsam_privates *ldap_state;
- uint32 low_idmap_uid, high_idmap_uid;
- uint32 low_idmap_gid, high_idmap_gid;
+ uint32 low_winbind_uid, high_winbind_uid;
+ uint32 low_winbind_gid, high_winbind_gid;
- if (!NT_STATUS_IS_OK(nt_status = pdb_init_ldapsam_common(pdb_context, pdb_method, location))) {
+ if (!NT_STATUS_IS_OK(nt_status = pdb_init_ldapsam(pdb_context, pdb_method, location))) {
return nt_status;
}
- (*pdb_method)->name = "ldapsam";
+ (*pdb_method)->name = "ldapsam_nua";
ldap_state = (*pdb_method)->private_data;
ldap_state->permit_non_unix_accounts = True;
/* We know these uids can't turn up as allogorithmic RIDs */
- if (!lp_idmap_uid(&low_idmap_uid, &high_idmap_uid)) {
- DEBUG(0, ("cannot use ldapsam_nua without 'idmap uid' range in smb.conf!\n"));
+ if (!lp_winbind_uid(&low_winbind_uid, &high_winbind_uid)) {
+ DEBUG(0, ("cannot use ldapsam_nua without 'winbind uid' range in smb.conf!\n"));
return NT_STATUS_UNSUCCESSFUL;
}
/* We know these gids can't turn up as allogorithmic RIDs */
- if (!lp_idmap_gid(&low_idmap_gid, &high_idmap_gid)) {
+ if (!lp_winbind_gid(&low_winbind_gid, &high_winbind_gid)) {
DEBUG(0, ("cannot use ldapsam_nua without 'wibnind gid' range in smb.conf!\n"));
return NT_STATUS_UNSUCCESSFUL;
}
- ldap_state->low_allocated_user_rid=fallback_pdb_uid_to_user_rid(low_idmap_uid);
+ ldap_state->low_allocated_user_rid=fallback_pdb_uid_to_user_rid(low_winbind_uid);
- ldap_state->high_allocated_user_rid=fallback_pdb_uid_to_user_rid(high_idmap_uid);
+ ldap_state->high_allocated_user_rid=fallback_pdb_uid_to_user_rid(high_winbind_uid);
- ldap_state->low_allocated_group_rid=pdb_gid_to_group_rid(low_idmap_gid);
+ ldap_state->low_allocated_group_rid=pdb_gid_to_group_rid(low_winbind_gid);
- ldap_state->high_allocated_group_rid=pdb_gid_to_group_rid(high_idmap_gid);
+ ldap_state->high_allocated_group_rid=pdb_gid_to_group_rid(high_winbind_gid);
return NT_STATUS_OK;
}
NTSTATUS pdb_ldap_init(void)
{
- NTSTATUS nt_status;
- if (!NT_STATUS_IS_OK(nt_status = smb_register_passdb(PASSDB_INTERFACE_VERSION, "ldapsam", pdb_init_ldapsam)))
- return nt_status;
-
- if (!NT_STATUS_IS_OK(nt_status = smb_register_passdb(PASSDB_INTERFACE_VERSION, "ldapsam_compat", pdb_init_ldapsam_compat)))
- return nt_status;
-
+ smb_register_passdb(PASSDB_INTERFACE_VERSION, "ldapsam", pdb_init_ldapsam);
+ smb_register_passdb(PASSDB_INTERFACE_VERSION, "ldapsam_compat", pdb_init_ldapsam_compat);
+ smb_register_passdb(PASSDB_INTERFACE_VERSION, "ldapsam_nua", pdb_init_ldapsam_nua);
return NT_STATUS_OK;
}
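Review bot: `pdb_ldap_init` now discards the result of all three `smb_register_passdb` calls and returns `NT_STATUS_OK` unconditionally, so a backend that fails to register is reported as a successful module init. The removed code checked each call. The same pattern should be kept for the new `ldapsam_nua` registration, for example `if (!NT_STATUS_IS_OK(nt_status = smb_register_passdb(PASSDB_INTERFACE_VERSION, "ldapsam_nua", pdb_init_ldapsam_nua))) return nt_status;`, with `nt_status` declared again. Separately, the gid-range message in `pdb_init_ldapsam_nua` still reads `'wibnind gid'` while the uid message beside it was updated; it should name the same smb.conf parameter that `lp_winbind_gid` reads.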