From a548e710d8fb9e9a7b0fb0e666dac809bf10cc34 Mon Sep 17 00:00:00 2001
From: Günther Deschner
Date: Tue, 25 Jan 2005 23:30:05 +0000
Subject: r4994: Patch from abartlet: When migrating account policies to ldapsam, handle the fact that an admin might have changed the default location of the sambaDomain-object after installation. Guenther (This used to be commit 78c3c7127444b8f9959f4d6ce9e540271869d70f)
---
 source3/passdb/pdb_ldap.c | 39 ++++++++++++++++++++++++++-------------
 1 file changed, 26 insertions(+), 13 deletions(-)
 (limited to 'source3')
diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c
index 2994b06ef0..0d680db2be 100644
--- a/source3/passdb/pdb_ldap.c
+++ b/source3/passdb/pdb_ldap.c
@@ -96,6 +96,8 @@ struct ldapsam_privates {
 /* configuration items */
 int schema_ver;
+
+ char *domain_dn;
 };
 /**********************************************************************
@@ -2885,7 +2887,7 @@ static NTSTATUS ldapsam_get_account_policy(struct pdb_methods *methods, int poli
 LDAPMessage *entry = NULL;
 int count;
 int rc;
- pstring filter, base;
+ pstring filter;
 char **vals;
 const char *policy_string = NULL;
 int tmp_val;
@@ -2915,12 +2917,13 @@ static NTSTATUS ldapsam_get_account_policy(struct pdb_methods *methods, int poli
 LDAP_OBJ_ACCOUNT_POLICY, get_attr_key2string(acctpol_attr_list, LDAP_ATTR_ACCOUNT_POLICY_NAME), policy_string);
-
- pstr_sprintf(base, "%s=%s,%s", get_attr_key2string(dominfo_attr_list, LDAP_ATTR_DOMAIN),
- get_global_sam_name(), lp_ldap_suffix());
+
+ if (!ldap_state->domain_dn) {
+ return NT_STATUS_INVALID_PARAMETER;
+ }
 search:
- rc = smbldap_search(ldap_state->smbldap_state, base,
+ rc = smbldap_search(ldap_state->smbldap_state, ldap_state->domain_dn,
 LDAP_SCOPE_ONELEVEL, filter, attrs, 0, &result);
 if (rc != LDAP_SUCCESS)
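Review bot: The new `domain_dn` member of struct ldapsam_privates is undocumented and sits under the "configuration items" comment, although the other hunks show it is read from the directory at init time rather than from configuration. Since it becomes the search base for every account-policy lookup and the parent of newly added policy entries, its origin and ownership should be stated at the declaration, for example `char *domain_dn; /* DN of the domain entry found in pdb_init_ldapsam(); heap copy, released in free_private_data() */`. The struct begins outside the hunk.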
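Review bot: The `if (!ldap_state->domain_dn)` guard added to ldapsam_get_account_policy returns NT_STATUS_INVALID_PARAMETER without logging anything, and the same silent return is added to ldapsam_set_account_policy in the later hunk. In the hunks shown here `domain_dn` is assigned only in pdb_init_ldapsam, so a backend whose init did not reach that assignment would fail every policy read and write with nothing in the log to explain it; whether other init paths exist is not visible on this page. A line such as `DEBUG(0, ("ldapsam_get_account_policy: domain DN was not recorded at init, cannot locate account policies\n"));` before each return would make the condition diagnosable. Both function bodies start and end outside their hunks.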
@@ -2995,7 +2998,7 @@ static NTSTATUS ldapsam_set_account_policy(struct pdb_methods *methods, int poli
 LDAPMessage *entry = NULL;
 int count;
 int rc;
- pstring filter, base, dn;
+ pstring filter, dn;
 int modop;
 LDAPMod **mods = NULL;
 fstring value_string;
@@ -3029,10 +3032,11 @@ static NTSTATUS ldapsam_set_account_policy(struct pdb_methods *methods, int poli
 get_attr_key2string(acctpol_attr_list, LDAP_ATTR_ACCOUNT_POLICY_NAME), policy_string);
- pstr_sprintf(base, "%s=%s,%s", get_attr_key2string(dominfo_attr_list, LDAP_ATTR_DOMAIN),
- get_global_sam_name(), lp_ldap_suffix());
-
- rc = smbldap_search(ldap_state->smbldap_state, base,
+ if (!ldap_state->domain_dn) {
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
+ rc = smbldap_search(ldap_state->smbldap_state, ldap_state->domain_dn,
 LDAP_SCOPE_ONELEVEL, filter, attrs, 0, &result);
 if (rc != LDAP_SUCCESS)
@@ -3069,10 +3073,9 @@ static NTSTATUS ldapsam_set_account_policy(struct pdb_methods *methods, int poli
 modop = LDAP_MOD_ADD;
- pstr_sprintf(dn, "%s=%s,%s=%s,%s",
+ pstr_sprintf(dn, "%s=%s,%s",
 get_attr_key2string(acctpol_attr_list, LDAP_ATTR_ACCOUNT_POLICY_NAME), policy_string,
- get_attr_key2string(dominfo_attr_list, LDAP_ATTR_DOMAIN), get_global_sam_name(),
- lp_ldap_suffix());
+ ldap_state->domain_dn);
 smbldap_set_mod( &mods, modop, "objectClass", LDAP_OBJ_ACCOUNT_POLICY );
@@ -3131,6 +3134,9 @@ static void free_private_data(void **vp)
 ldap_msgfree((*ldap_state)->result);
 (*ldap_state)->result = NULL;
 }
+ if ((*ldap_state)->domain_dn != NULL) {
+ SAFE_FREE((*ldap_state)->domain_dn);
+ }
 *ldap_state = NULL;
@@ -3252,6 +3258,7 @@ static NTSTATUS pdb_init_ldapsam(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_met
 DOM_SID ldap_domain_sid;
 DOM_SID secrets_domain_sid;
 pstring domain_sid_string;
+ char *dn;
 if (!NT_STATUS_IS_OK(nt_status = pdb_init_ldapsam_common(pdb_context, pdb_method, location))) {
 return nt_status;
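Review bot: The `!= NULL` test wrapped around `SAFE_FREE((*ldap_state)->domain_dn);` in free_private_data is redundant, because Samba's SAFE_FREE macro already checks its argument for NULL before freeing and then clears it. The three added lines can be the single statement `SAFE_FREE((*ldap_state)->domain_dn);`. The function body starts and ends outside the hunk.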
@@ -3289,6 +3296,12 @@ and will risk BDCs having inconsistant SIDs\n"));
 return NT_STATUS_UNSUCCESSFUL;
 }
+ dn = smbldap_get_dn(ldap_state->smbldap_state->ldap_struct, entry);
+ if (!dn) {
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+
+ ldap_state->domain_dn = smb_xstrdup(dn);
 if (smbldap_get_single_pstring(ldap_state->smbldap_state->ldap_struct, entry, get_userattr_key2string(ldap_state->schema_ver, LDAP_ATTR_USER_SID), domain_sid_string)) {
-- cgit
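Review bot: `dn` appears to be leaked in the block added to pdb_init_ldapsam, because the string returned by smbldap_get_dn() is copied with smb_xstrdup() and the original is never released in the visible lines. If smbldap_get_dn() returns caller-owned memory (its definition is not on this page), either keep the pointer, `ldap_state->domain_dn = dn;`, or add `SAFE_FREE(dn);` after the copy. The new `if (!dn)` branch also returns with no cleanup and no log line; whether the LDAP search result is still held at that point cannot be seen from the hunk and should be checked against the neighbouring error paths. The function body starts and ends outside the hunk.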