diff options
Diffstat (limited to 'source3/sam')
-rw-r--r-- | source3/sam/idmap_ldap.c | 51 |
1 files changed, 36 insertions, 15 deletions
diff --git a/source3/sam/idmap_ldap.c b/source3/sam/idmap_ldap.c index 2dccaf04f7..56a289d8aa 100644 --- a/source3/sam/idmap_ldap.c +++ b/source3/sam/idmap_ldap.c @@ -397,6 +397,8 @@ static NTSTATUS ldap_set_mapping_internals(const DOM_SID *sid, unid_t id, int rc = -1; int ldap_op; fstring sid_string; + char **values; + int i; sid_to_string( sid_string, sid ); @@ -422,9 +424,23 @@ static NTSTATUS ldap_set_mapping_internals(const DOM_SID *sid, unid_t id, snprintf(id_str, sizeof(id_str), "%u", ((id_type & ID_USERID) ? id.uid : id.gid)); - smbldap_set_mod( &mods, LDAP_MOD_ADD, - "objectClass", LDAP_OBJ_IDMAP_ENTRY ); - + values = ldap_get_values(ldap_state.smbldap_state->ldap_struct, entry, "objectClass"); + if (values) { + BOOL found_idmap = False; + for (i=0; values[i]; i++) { + if (StrCaseCmp(values[i], LDAP_OBJ_IDMAP_ENTRY) == 0) { + found_idmap = True; + break; + } + } + if (!found_idmap) + smbldap_set_mod( &mods, LDAP_MOD_ADD, + "objectClass", LDAP_OBJ_IDMAP_ENTRY ); + } else { + smbldap_set_mod( &mods, LDAP_MOD_ADD, + "objectClass", LDAP_OBJ_IDMAP_ENTRY ); + } + smbldap_make_mod( ldap_state.smbldap_state->ldap_struct, entry, &mods, type, id_str ); @@ -433,20 +449,25 @@ static NTSTATUS ldap_set_mapping_internals(const DOM_SID *sid, unid_t id, get_attr_key2string(sidmap_attr_list, LDAP_ATTR_SID), sid_string ); - switch(ldap_op) - { - case LDAP_MOD_ADD: - smbldap_set_mod( &mods, LDAP_MOD_ADD, - "objectClass", LDAP_OBJ_SID_ENTRY ); - rc = smbldap_add(ldap_state.smbldap_state, dn, mods); - break; - case LDAP_MOD_REPLACE: - rc = smbldap_modify(ldap_state.smbldap_state, dn, mods); - break; + /* There may well be nothing at all to do */ + if (mods) { + switch(ldap_op) + { + case LDAP_MOD_ADD: + smbldap_set_mod( &mods, LDAP_MOD_ADD, + "objectClass", LDAP_OBJ_SID_ENTRY ); + rc = smbldap_add(ldap_state.smbldap_state, dn, mods); + break; + case LDAP_MOD_REPLACE: + rc = smbldap_modify(ldap_state.smbldap_state, dn, mods); + break; + } + + ldap_mods_free( mods, True ); + } else { + rc = LDAP_SUCCESS; } - ldap_mods_free( mods, True ); - if (rc != LDAP_SUCCESS) { char *ld_error = NULL; ldap_get_option(ldap_state.smbldap_state->ldap_struct, LDAP_OPT_ERROR_STRING, |