python/samdb: adapt search filter for user object type

Use a user search filter which is similar to the filter which is used
by the basic MS Windows group membership management.

The filter filters for objects with the sAMAccountType ATYPE_NORMAL_ACCOUNT.

Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Ralph Boehme <slow@samba.org>

diff --git a/python/samba/samdb.py b/python/samba/samdb.py
index 1230cbb93f48336e862d3848fa08ae22593e0ce3..7852373c817f5fbfa3722c0440ae2156bbe3c22b 100644 (file)
--- a/python/samba/samdb.py
+++ b/python/samba/samdb.py
@@ -255,8 +255,8 @@ pwdLastSet: 0
         filter = ""
 
         if 'user' in member_types:
-            filter += ('(&(sAMAccountName=%s)(objectclass=user))' %
-                       ldb.binary_encode(member))
+            filter += ('(&(sAMAccountName=%s)(samAccountType=%d))' %
+                       (ldb.binary_encode(member), dsdb.ATYPE_NORMAL_ACCOUNT))
         if 'group' in member_types:
             filter += ('(&(sAMAccountName=%s)(objectclass=group))' %
                        ldb.binary_encode(member))