gpo: Display Security Extension RSOP on ADDC only

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

diff --git a/python/samba/gp_sec_ext.py b/python/samba/gp_sec_ext.py
index 5e49dec75e1c8f4b676c38ed6c905083a1d286f9..620e5adfbf5aa00744eb2c71dc287a5256210e09 100644 (file)
--- a/python/samba/gp_sec_ext.py
+++ b/python/samba/gp_sec_ext.py
@@ -91,6 +91,8 @@ class gp_krb_ext(gp_inf_ext):
 
     def rsop(self, gpo):
         output = {}
+        if self.lp.get('server role') != 'active directory domain controller':
+            return output
         inf_file = 'MACHINE/Microsoft/Windows NT/SecEdit/GptTmpl.inf'
         if gpo.file_sys_path:
             path = os.path.join(gpo.file_sys_path, inf_file)
@@ -205,6 +207,8 @@ class gp_access_ext(gp_inf_ext):
 
     def rsop(self, gpo):
         output = {}
+        if self.lp.get('server role') != 'active directory domain controller':
+            return output
         inf_file = 'MACHINE/Microsoft/Windows NT/SecEdit/GptTmpl.inf'
         if gpo.file_sys_path:
             path = os.path.join(gpo.file_sys_path, inf_file)