From 353481daa2497f52c8eec6d760981f17a5f528ca Mon Sep 17 00:00:00 2001
From: Matthias Dieter Wallnöfer <mwallnoefer@yahoo.de>
Date: Sun, 6 Sep 2009 21:08:08 +0200
Subject: s4:provision - Add a new delete function only for users and computers

We need this new function to delete users and computers before other objects
on reprovisioning. Otherwise primary groups could be deleted before user/computer
accounts (which isn't allowed anymore by the reworked "samldb" module).
---
 source4/scripting/python/samba/__init__.py | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)

(limited to 'source4')

diff --git a/source4/scripting/python/samba/__init__.py b/source4/scripting/python/samba/__init__.py
index 720a015c63..fe365bdf94 100644
--- a/source4/scripting/python/samba/__init__.py
+++ b/source4/scripting/python/samba/__init__.py
@@ -132,9 +132,32 @@ class Ldb(ldb.Ldb):
         assert len(values) == 1
         return self.schema_format_value(attribute, values.pop())
 
+    def erase_users_computers(self, dn):
+        """Erases user and computer objects from our AD. This is needed since the 'samldb' module denies the deletion of primary groups. Therefore all groups shouldn't be primary somewhere anymore."""
+
+        try:
+            res = self.search(base=dn, scope=ldb.SCOPE_SUBTREE, attrs=[],
+                      expression="(|(objectclass=user)(objectclass=computer))")
+        except ldb.LdbError, (ldb.ERR_NO_SUCH_OBJECT, _):
+            # Ignore no such object errors
+            return
+            pass
+
+        try:
+            for msg in res:
+                self.delete(msg.dn)
+        except ldb.LdbError, (ldb.ERR_NO_SUCH_OBJECT, _):
+            # Ignore no such object errors
+            return
+
     def erase_except_schema_controlled(self):
         """Erase this ldb, removing all records, except those that are controlled by Samba4's schema."""
+
         basedn = ""
+
+        # Try to delete user/computer accounts to allow deletion of groups
+        self.erase_users_computers(basedn)
+
         # Delete the 'visible' records, and the invisble 'deleted' records (if this DB supports it)
         for msg in self.search(basedn, ldb.SCOPE_SUBTREE, 
                                "(&(|(objectclass=*)(distinguishedName=*))(!(distinguishedName=@BASEINFO)))",
@@ -199,6 +222,8 @@ class Ldb(ldb.Ldb):
         if not "namingContexts" in res[0]:
             return
         for basedn in res[0]["namingContexts"]:
+            # Try to delete user/computer accounts to allow deletion of groups
+            self.erase_users_computers(basedn)
             # Try and erase from the bottom-up in the tree
             erase_recursive(self, basedn)
 
-- 
cgit