python/samdb: add more object types for adding/remove group members

The filters are based on the MS Windows filter, which are used by the
basic group member management dialog.

Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Ralph Boehme <slow@samba.org>

diff --git a/python/samba/samdb.py b/python/samba/samdb.py
index 1090383f5266a52d24f01c493a9edf3d122d3551..6d716b07c2950bea3e5f1e5aead286d466b84c1b 100644 (file)
--- a/python/samba/samdb.py
+++ b/python/samba/samdb.py
@@ -260,6 +260,27 @@ pwdLastSet: 0
         if 'group' in member_types:
             filter += ('(&(sAMAccountName=%s)(objectclass=group))' %
                        ldb.binary_encode(member))
+        if 'computer' in member_types:
+            samaccountname = member
+            if member[-1] != '$':
+                samaccountname = "%s$" % member
+            filter += ('(&(samAccountType=%d)'
+                       '(!(objectCategory=msDS-ManagedServiceAccount))'
+                       '(sAMAccountName=%s))' %
+                       (dsdb.ATYPE_WORKSTATION_TRUST,
+                        ldb.binary_encode(samaccountname)))
+        if 'serviceaccount' in member_types:
+            samaccountname = member
+            if member[-1] != '$':
+                samaccountname = "%s$" % member
+            filter += ('(&(samAccountType=%d)'
+                       '(objectCategory=msDS-ManagedServiceAccount)'
+                       '(sAMAccountName=%s))' %
+                       (dsdb.ATYPE_WORKSTATION_TRUST,
+                        ldb.binary_encode(samaccountname)))
+        if 'contact' in member_types:
+            filter += ('(&(objectCategory=Person)(!(objectSid=*))(name=%s))' %
+                       ldb.binary_encode(member))
 
         filter = "(|%s)" % filter