return LDB_SUCCESS;
}
+
+/**
+ * Sets 'sAMAccountType on user object based on userAccountControl
+ * @param ldb Current ldb_context
+ * @param usr_obj ldb_message representing User object
+ * @param user_account_control Value for userAccountControl flags
+ * @param account_type_p Optional pointer to account_type to return
+ * @return LDB_SUCCESS or LDB_ERR* code on failure
+ */
+int dsdb_user_obj_set_account_type(struct ldb_context *ldb, struct ldb_message *usr_obj,
+ uint32_t user_account_control, uint32_t *account_type_p)
+{
+ int ret;
+ uint32_t account_type;
+ struct ldb_message_element *el;
+
+ account_type = ds_uf2atype(user_account_control);
+ if (account_type == 0) {
+ ldb_set_errstring(ldb, "dsdb: Unrecognized account type!");
+ return LDB_ERR_UNWILLING_TO_PERFORM;
+ }
+ ret = samdb_msg_add_uint(ldb, usr_obj, usr_obj,
+ "sAMAccountType",
+ account_type);
+ if (ret != LDB_SUCCESS) {
+ return ret;
+ }
+ el = ldb_msg_find_element(usr_obj, "sAMAccountType");
+ el->flags = LDB_FLAG_MOD_REPLACE;
+
+ if (account_type_p) {
+ *account_type_p = account_type;
+ }
+
+ return LDB_SUCCESS;
+}
el = ldb_msg_find_element(ac->msg, "userAccountControl");
if (el != NULL) {
- uint32_t user_account_control, account_type;
+ uint32_t user_account_control;
/* Step 1.3: "userAccountControl" -> "sAMAccountType" mapping */
user_account_control = ldb_msg_find_attr_as_uint(ac->msg,
"userAccountControl",
return LDB_ERR_OBJECT_CLASS_VIOLATION;
}
- account_type = ds_uf2atype(user_account_control);
- if (account_type == 0) {
- ldb_set_errstring(ldb, "samldb: Unrecognized account type!");
- return LDB_ERR_UNWILLING_TO_PERFORM;
- }
- ret = samdb_msg_add_uint(ldb, ac->msg, ac->msg,
- "sAMAccountType",
- account_type);
+ /* add "sAMAccountType" attribute */
+ ret = dsdb_user_obj_set_account_type(ldb, ac->msg, user_account_control, NULL);
if (ret != LDB_SUCCESS) {
return ret;
}
- el2 = ldb_msg_find_element(ac->msg, "sAMAccountType");
- el2->flags = LDB_FLAG_MOD_REPLACE;
/* "isCriticalSystemObject" might be set */
if (user_account_control &
"operatorCount", "0");
if (ret != LDB_SUCCESS) return ret;
- /* restore "sAMAccountType" */
+ /* "userAccountControl" must exists on deleted object */
user_account_control = ldb_msg_find_attr_as_uint(cur_msg, "userAccountControl", (uint32_t)-1);
if (user_account_control == (uint32_t)-1) {
return ldb_error(ldb, LDB_ERR_OPERATIONS_ERROR,
"reanimate: No 'userAccountControl' attribute found!");
}
- account_type = ds_uf2atype(user_account_control);
- if (account_type == 0) {
- ldb_set_errstring(ldb, "reanimate: Unrecognized account type!");
- return LDB_ERR_UNWILLING_TO_PERFORM;
- }
- ret = samdb_msg_add_uint(ldb, new_msg, new_msg, "sAMAccountType", account_type);
+
+ /* restore "sAMAccountType" */
+ ret = dsdb_user_obj_set_account_type(ldb, new_msg, user_account_control, NULL);
if (ret != LDB_SUCCESS) {
return ret;
}
- el = ldb_msg_find_element(new_msg, "sAMAccountType");
- el->flags = LDB_FLAG_MOD_REPLACE;
/* "userAccountControl" -> "primaryGroupID" mapping */
if (!ldb_msg_find_element(new_msg, "primaryGroupID")) {