From 5e0fcb04a48d96669ed4376bfa17f679e3582236 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 26 Dec 2012 20:48:12 +1100 Subject: s4-idmap: Remove requirement that posixAccount or posixGroup be set for rfc2307 This change matches the source3/idmap/idmap_ad.c code, and allows this feature to work with only the setting of the UID/GID in Active Directory Users and Computers. Andrew Bartlett Reviewed-by: Stefan Metzmacher --- source4/winbind/idmap.c | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/source4/winbind/idmap.c b/source4/winbind/idmap.c index a6cc88f827..3773c1de59 100644 --- a/source4/winbind/idmap.c +++ b/source4/winbind/idmap.c @@ -236,8 +236,7 @@ static NTSTATUS idmap_xid_to_sid(struct idmap_context *idmap_ctx, LDB_SCOPE_SUBTREE, sam_attrs, 0, "(&(|(sAMaccountType=%u)(sAMaccountType=%u)(sAMaccountType=%u))" - "(uidNumber=%u)(objectSid=*)" - "(|(objectClass=posixAccount)(objectClass=posixGroup)))", + "(uidNumber=%u)(objectSid=*))", ATYPE_ACCOUNT, ATYPE_WORKSTATION_TRUST, ATYPE_INTERDOMAIN_TRUST, unixid->id); } else { /* If we are not to use the rfc2307 attributes, we just emulate a non-match */ @@ -274,8 +273,7 @@ static NTSTATUS idmap_xid_to_sid(struct idmap_context *idmap_ctx, ldb_get_default_basedn(idmap_ctx->samdb), LDB_SCOPE_SUBTREE, sam_attrs, 0, - "(&(|(sAMaccountType=%u)(sAMaccountType=%u))(gidNumber=%u)" - "(|(objectClass=posixAccount)(objectClass=posixGroup)))", + "(&(|(sAMaccountType=%u)(sAMaccountType=%u))(gidNumber=%u))", ATYPE_SECURITY_GLOBAL_GROUP, ATYPE_SECURITY_LOCAL_GROUP, unixid->id); } else { @@ -439,8 +437,7 @@ static NTSTATUS idmap_sid_to_xid(struct idmap_context *idmap_ctx, "(&(objectSid=%s)" "(|(sAMaccountType=%u)(sAMaccountType=%u)(sAMaccountType=%u)" "(sAMaccountType=%u)(sAMaccountType=%u))" - "(|(uidNumber=*)(gidNumber=*))" - "(|(objectClass=posixAccount)(objectClass=posixGroup)))", + "(|(uidNumber=*)(gidNumber=*)))", dom_sid_string(tmp_ctx, sid), ATYPE_ACCOUNT, ATYPE_WORKSTATION_TRUST, ATYPE_INTERDOMAIN_TRUST, ATYPE_SECURITY_GLOBAL_GROUP, ATYPE_SECURITY_LOCAL_GROUP); -- cgit