Changeset 11460 for trunk

Timestamp:

09/30/08 13:54:54 (3 months ago)

Author:

juruen@…

Message:

+ Do not delete some domain attributes that are used to store password

attributes such us password length, expiration...

Location:

trunk/client/samba

Files:

• ChangeLog (modified) (1 diff)
• conf/80samba.conf (modified) (1 diff)
• src/EBox/SambaLdapUser.pm (modified) (4 diffs)

trunk/client/samba/ChangeLog

@@ -3 +3 @@
         It's possible to run into that scenarion depending when the user/group is
         created
+        + Do not delete some domain attributes that are used to store password
+        attributes such us password length, expiration...
 0.12.3
         + Add configuration variable to enable/disable quota support

trunk/client/samba/conf/80samba.conf

@@ -20 +20 @@
 
 # enable quota support
-enable_quota = no
+enable_quota = yes

trunk/client/samba/src/EBox/SambaLdapUser.pm

@@ -984 +984 @@
         my $sid  = getSID();
 
+        my %domainAttrs = %{$self->_fetchDomainAttrs($domain)};
         $self->deleteSambaDomainNameAttrs();
         $self->deleteSambaDomains();
@@ -995 +996 @@
                         'gidNumber'             => $users->lastGid,
                         'objectClass'           => ['sambaDomain', 
-                                                    'sambaUnixidPool']
+                                                    'sambaUnixidPool'],
+                        %domainAttrs
                         ]
-                   );
+                );
 
         my $dn = "sambaDomainName=$domain,dc=ebox";
@@ -1003 +1005 @@
 }
 
+sub _fetchDomainAttrs
+{
+        my ($self, $domain) = @_;
+
+        my $ldap = EBox::Ldap->instance();
+
+        my @attrs = qw/sambaPwdHistoryLength sambaMaxPwdAge sambaLockoutThreshold/;
+        my $result = $ldap->search( 
+                        {
+                        base => $ldap->dn(),
+                        filter => "sambaDomainName=$domain",
+                        scope => 'sub',
+                        attrs => [@attrs],
+                        }
+                        );
+
+        my $entry = $result->pop_entry();
+        return {} unless defined($entry);
+        my %attributes;
+        for my $attr (@attrs) {
+                $attributes{$attr} = $entry->get_value($attr);
+                return {} unless defined($attributes{$attr});
+        }
+        return \%attributes;
+}
 
 sub deleteSambaDomainNameAttrs
@@ -1205 +1232 @@
                         base   => $groupDN,
                         filter => "(&(objectclass=sambaGroupMapping)(!(sambaSID=$sid*)))",
-                        attrs  => ['sambaSID'],
+                        attrs  => ['sambaSID', 'cn'],
                         scope  => 'sub'
                         );
 
         $result = $ldap->search(\%attrs);
+        my %groupsToSkip = ('Administrators' => 1, 'Account Operators' => 1,
+                            'Print Operators' => 1, 'Backup Operators' => 1, 'Replicators' => 1);
 
         for my $entry ($result->entries()) {
+                next if $groupsToSkip{$entry->get_value('cn')};
                 my $oldSID = $entry->get_value('sambaSID');
                 my ($lastNumbers) = $oldSID =~ /.*-(\d+)$/;