From 48c45486e3e67b96c7ea4c7044823274e9fa72e7 Mon Sep 17 00:00:00 2001
From: Andrew Tridgell
Date: Mon, 17 Dec 2001 11:16:22 +0000
Subject: allow selection of the organisational unit when joining a realm (This used to be commit f1231c2b54cac9d4fda7fa9d45fd329f1fd7b779)
---
 source3/libads/ldap.c | 8 ++++----
 source3/utils/net_ads.c | 34 ++++++++++++++++++++++++++++------
 2 files changed, 32 insertions(+), 10 deletions(-)
diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c
index 2fe97ebb1a..09498b4384 100644
--- a/source3/libads/ldap.c
+++ b/source3/libads/ldap.c
@@ -181,14 +181,14 @@ int ads_gen_add(ADS_STRUCT *ads, const char *new_dn, ...)
 /* add a machine account to the ADS server */
-static int ads_add_machine_acct(ADS_STRUCT *ads, const char *hostname)
+static int ads_add_machine_acct(ADS_STRUCT *ads, const char *hostname, const char *org_unit)
 {
 int ret;
 char *host_spn, *host_upn, *new_dn, *samAccountName, *controlstr;
 asprintf(&host_spn, "HOST/%s", hostname);
 asprintf(&host_upn, "%s@%s", host_spn, ads->realm);
- asprintf(&new_dn, "cn=%s,cn=Computers,%s", hostname, ads->bind_path);
+ asprintf(&new_dn, "cn=%s,cn=%s,%s", hostname, org_unit, ads->bind_path);
 asprintf(&samAccountName, "%s$", hostname);
 asprintf(&controlstr, "%u", UF_DONT_EXPIRE_PASSWD | UF_WORKSTATION_TRUST_ACCOUNT |
@@ -300,7 +300,7 @@ int ads_count_replies(ADS_STRUCT *ads, void *res)
 join a machine to a realm, creating the machine account and setting the machine password */
-int ads_join_realm(ADS_STRUCT *ads, const char *hostname)
+int ads_join_realm(ADS_STRUCT *ads, const char *hostname, const char *org_unit)
 {
 int rc;
 LDAPMessage *res;
@@ -316,7 +316,7 @@ int ads_join_realm(ADS_STRUCT *ads, const char *hostname)
 return LDAP_SUCCESS;
 }
- rc = ads_add_machine_acct(ads, host);
+ rc = ads_add_machine_acct(ads, host, org_unit);
 if (rc != LDAP_SUCCESS) {
 DEBUG(0, ("ads_add_machine_acct: %s\n", ads_errstr(rc)));
 return rc;
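Review bot: In ads_add_machine_acct (ldap.c, the `@@ -181` hunk) the new `org_unit` argument is formatted straight into the DN with `"cn=%s,cn=%s,%s"` and no escaping or validation, so a value containing DN metacharacters such as `,`, `=` or `+` changes which container the machine account is created in instead of being rejected. The caller in net_ads.c takes the value from `argv[0]`, so I would either escape it as an RDN value (RFC 4514 rules) or refuse those characters before `new_dn` is built. The hard-coded `cn=` prefix also means only `cn=` containers can be named, not `ou=` objects as the parameter name and commit subject suggest; a comment such as `/* org_unit is the CN of a container directly under bind_path */` would make that explicit. The asprintf() result is still unchecked on the changed line, as on its neighbours, and the function body continues outside the hunk.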
diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c
index c67fbda2c8..8d41c09208 100644
--- a/source3/utils/net_ads.c
+++ b/source3/utils/net_ads.c
@@ -26,7 +26,7 @@ int net_ads_usage(int argc, const char **argv)
 {
 d_printf(
-"\nnet ads join"\
+"\nnet ads join "\
 "\n\tjoins the local machine to a ADS realm\n"\
 "\nnet ads leave"\
 "\n\tremoves the local machine from a ADS realm\n"\
@@ -169,11 +169,13 @@ static int net_ads_status(int argc, const char **argv)
 static int net_ads_leave(int argc, const char **argv)
 {
- ADS_STRUCT *ads;
+ ADS_STRUCT *ads = NULL;
 int rc;
 extern pstring global_myname;
- if (!(ads = ads_startup())) return -1;
+ if (!(ads = ads_startup())) {
+ return -1;
+ }
 if (!secrets_init()) {
 DEBUG(1,("Failed to initialise secrets database\n"));
@@ -200,19 +202,39 @@ static int net_ads_join(int argc, const char **argv)
 char *tmp_password;
 extern pstring global_myname;
 NTSTATUS status;
+ const char *org_unit = "Computers";
+ char *dn;
+ void *res;
+
+ if (argc > 0) org_unit = argv[0];
 if (!secrets_init()) {
 DEBUG(1,("Failed to initialise secrets database\n"));
 return -1;
 }
-
-
+ tmp_password = generate_random_str(DEFAULT_TRUST_ACCOUNT_PASSWORD_LENGTH);
 password = strdup(tmp_password);
 if (!(ads = ads_startup())) return -1;
- rc = ads_join_realm(ads, global_myname);
+ asprintf(&dn, "cn=%s,%s", org_unit, ads->bind_path);
+
+ rc = ads_search_dn(ads, &res, dn, NULL);
+ free(dn);
+ ads_msgfree(ads, res);
+
+ if (rc == LDAP_NO_SUCH_OBJECT) {
+ d_printf("ads_join_realm: organisational unit %s does not exist\n", org_unit);
+ return rc;
+ }
+
+ if (rc) {
+ d_printf("ads_join_realm: %s\n", ads_errstr(rc));
+ return -1;
+ }
+
+ rc = ads_join_realm(ads, global_myname, org_unit);
 if (rc) {
 d_printf("ads_join_realm: %s\n", ads_errstr(rc));
 return -1;
-- cgit
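Review bot: In net_ads_join (the `@@ -200` hunk) `ads_msgfree(ads, res)` runs before `rc` is examined, and `res` is declared as `void *res;` with no initialiser, so if ads_search_dn() fails without storing a result (its body is not visible here) an indeterminate pointer is handed to the free routine. Declaring `void *res = NULL;` and calling `ads_msgfree` only when `rc == LDAP_SUCCESS` avoids that. The `asprintf(&dn, ...)` return value is also unchecked, which leaves `dn` undefined on allocation failure before it reaches the search and `free()`; `if (asprintf(&dn, "cn=%s,%s", org_unit, ads->bind_path) == -1) return -1;` would cover it. The no-such-object branch returns the positive LDAP code while every other failure returns -1, and the new early returns leave `ads` and `password` allocated. net_ads_join starts and ends outside the hunk.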