From bcba41c351bc78d739fb174338d8c71148053b5d Mon Sep 17 00:00:00 2001 From: Matthieu Patou Date: Wed, 27 Jan 2010 01:32:29 +0300 Subject: python-s4: use secrets.ldb instead of sam.ldb for reading domain SID MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This allow to be able to run net acl set xxx yyy on DC, but also on domain member. Signed-off-by: Matthias Dieter Wallnöfer --- source4/scripting/python/samba/netcmd/ntacl.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/source4/scripting/python/samba/netcmd/ntacl.py b/source4/scripting/python/samba/netcmd/ntacl.py index a96593ef0c..8c0803f5f5 100644 --- a/source4/scripting/python/samba/netcmd/ntacl.py +++ b/source4/scripting/python/samba/netcmd/ntacl.py @@ -61,7 +61,7 @@ class cmd_acl_set(Command): credopts=None, sambaopts=None, versionopts=None): lp = sambaopts.get_loadparm() creds = credopts.get_credentials(lp) - path = os.path.join(lp.get("private dir"), lp.get("sam database") or "samdb.ldb") + path = os.path.join(lp.get("private dir"), lp.get("secrets database") or "secrets.ldb") creds = credopts.get_credentials(lp) creds.set_kerberos_state(DONT_USE_KERBEROS) try: @@ -71,7 +71,7 @@ class cmd_acl_set(Command): sys.exit(1) attrs = ["objectSid"] print lp.get("realm") - res = ldb.search(expression="(objectClass=*)",base="DC=%s"%lp.get("realm").lower().replace(".",",DC="), scope=SCOPE_BASE, attrs=attrs) + res = ldb.search(expression="(objectClass=*)",base="flatname=%s,cn=Primary Domains"%lp.get("workgroup"), scope=SCOPE_BASE, attrs=attrs) if len(res) !=0: domainsid = ndr_unpack( security.dom_sid,res[0]["objectSid"][0]) setntacl(lp,file,acl,str(domainsid),xattr_backend,eadb_file) -- cgit