[sugj-tech:7366] Re: [FYI]OpenSUSE 11.2では net sam provisionが動作しない

gwmaster ribbon @ ns.ribbon.or.jp
2010年 7月 23日 (金) 23:44:12 JST


On Thu, Jul 22, 2010 at 06:30:17PM +0900, gwmaster wrote:

> ldapsam:editposix_rfc2307bis か

を採用したパッチを作ってみました。groupOfNamesのほうはまだ動きません。
member属性の設定に失敗してます。memberの値はDNじゃなければだめです。

-----------------------------------------------------------------------
diff -urN ./source3/include/smbldap.h ../samba-3.4.3-new/source3/include/smbldap.h
--- ./source3/include/smbldap.h	2009-10-29 16:47:16.000000000 +0900
+++ ../samba-3.4.3-new/source3/include/smbldap.h	2010-07-22 20:22:13.409551744 +0900
@@ -46,6 +46,8 @@
 #define LDAP_OBJ_POSIXACCOUNT		"posixAccount"
 #define LDAP_OBJ_POSIXGROUP		"posixGroup"
 #define LDAP_OBJ_OU			"organizationalUnit"
+#define LDAP_OBJ_NAMEDOBJECT            "namedObject"      /* structual objectclass (for SUSE)*/
+#define LDAP_OBJ_GROUPOFNAMES           "groupOfNames"     /* structual objectclass */
 
 /* some generic attributes that get reused a lot */
 
diff -urN ./source3/utils/net_sam.c ../samba-3.4.3-new/source3/utils/net_sam.c
--- ./source3/utils/net_sam.c	2009-10-29 16:47:16.000000000 +0900
+++ ../samba-3.4.3-new/source3/utils/net_sam.c	2010-07-23 07:28:06.288326356 +0900
@@ -1424,6 +1424,7 @@
 	gid_t domadmins_gid = -1;
 	struct samu *samuser;
 	struct passwd *pwd;
+	const char *rfc2307bis_str = NULL; /* for lp_parm_string return value */
 
 	if (c->display_usage) {
 		d_printf("Usage:\n"
@@ -1478,6 +1479,9 @@
 
 	d_printf("Checking for Domain Users group.\n");
 
+	rfc2307bis_str = lp_parm_const_string(-1,"ldapsam","editposix_rfc2307bis",NULL); /* get option */
+	d_printf("ldapsam:editposix_rfc2307bis = %s\n",rfc2307bis_str);
+
 	sid_compose(&gsid, get_global_sam_sid(), DOMAIN_GROUP_RID_USERS);
 
 	if (!pdb_getgrsid(&gmap, gsid)) {
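Review bot: The added `d_printf` passes `rfc2307bis_str` to `%s` although `lp_parm_const_string` is called with a `NULL` default, so when the option is absent from smb.conf the format call receives a null pointer, which is undefined behaviour for `%s`. Print a fallback instead, for example `d_printf("ldapsam:editposix_rfc2307bis = %s\n", rfc2307bis_str ? rfc2307bis_str : "(not set)");`. The enclosing function starts and ends outside this hunk.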
@@ -1510,6 +1514,14 @@
 
 		smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_POSIXGROUP);
 		smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_GROUPMAP);
+
+		if (rfc2307bis_str && strequal(rfc2307bis_str, "namedObject")) {
+		    smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_NAMEDOBJECT);
+		} else if (strequal(rfc2307bis_str, "groupOfNames")) {
+		    smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_GROUPOFNAMES);
+                    smbldap_set_mod(&mods, LDAP_MOD_ADD, "member", uname);
+		}
+
 		smbldap_set_mod(&mods, LDAP_MOD_ADD, "cn", uname);
 		smbldap_set_mod(&mods, LDAP_MOD_ADD, "displayName", wname);
 		smbldap_set_mod(&mods, LDAP_MOD_ADD, "gidNumber", gidstr);
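Review bot: The `member` value added in the `groupOfNames` branch is `uname`, a bare group name, but `member` holds distinguished names, so the directory is expected to reject the add, which matches the failure reported in the accompanying message. The same lines appear in the hunks at `@@ -1565` and `@@ -1787`. Whatever DN is written here becomes a real member of the group being provisioned, so it should be chosen deliberately (ideally from configuration) rather than used as a placeholder, and the add should fail with an error when no DN is available. The `else if` also drops the `rfc2307bis_str &&` guard used in the first branch, which appears to rely on `strequal` tolerating NULL; testing the pointer once before both comparisons would make that explicit. The surrounding block continues outside the hunk.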
@@ -1565,6 +1577,14 @@
 
 		smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_POSIXGROUP);
 		smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_GROUPMAP);
+
+               if (rfc2307bis_str && strequal(rfc2307bis_str, "namedObject")) {
+                    smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_NAMEDOBJECT);
+               } else if (strequal(rfc2307bis_str, "groupOfNames")) {
+		    smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_GROUPOFNAMES);
+ 	            smbldap_set_mod(&mods, LDAP_MOD_ADD, "member", uname);
+	       }
+
 		smbldap_set_mod(&mods, LDAP_MOD_ADD, "cn", uname);
 		smbldap_set_mod(&mods, LDAP_MOD_ADD, "displayName", wname);
 		smbldap_set_mod(&mods, LDAP_MOD_ADD, "gidNumber", gidstr);
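Review bot: The block added here copies the one in the previous hunk and is repeated again at `@@ -1787`, each time with a different mix of tabs and spaces. One static helper taking `&mods`, `rfc2307bis_str` and the member value would keep the three group-creation paths from drifting apart. The comparisons could use the new macros instead of repeating the string literals, e.g. `strequal(rfc2307bis_str, LDAP_OBJ_NAMEDOBJECT)`. An unrecognised option value is silently ignored in all three places; a warning through `d_fprintf(stderr, ...)` would make a typo in smb.conf visible before the group is created without a structural objectClass.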
@@ -1787,6 +1807,14 @@
 
 		smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_POSIXGROUP);
 		smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_GROUPMAP);
+
+               if (rfc2307bis_str && strequal(rfc2307bis_str, "namedObject")) {
+                    smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_NAMEDOBJECT);
+               } else if (strequal(rfc2307bis_str, "groupOfNames")) {
+                    smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_GROUPOFNAMES);
+                    smbldap_set_mod(&mods, LDAP_MOD_ADD, "member", uname);
+	       }
+
 		smbldap_set_mod(&mods, LDAP_MOD_ADD, "cn", uname);
 		smbldap_set_mod(&mods, LDAP_MOD_ADD, "displayName", wname);
 		smbldap_set_mod(&mods, LDAP_MOD_ADD, "gidNumber", gidstr);

