s4-idmap: Remove requirement that posixAccount or posixGroup be set for rfc2307
authorAndrew Bartlett <abartlet@samba.org>
Wed, 26 Dec 2012 09:48:12 +0000 (20:48 +1100)
committerStefan Metzmacher <metze@samba.org>
Thu, 10 Jan 2013 13:52:56 +0000 (14:52 +0100)
This change matches the source3/idmap/idmap_ad.c code, and allows this
feature to work with only the setting of the UID/GID in Active
Directory Users and Computers.

Andrew Bartlett

Reviewed-by: Stefan Metzmacher <metze@samba.org>
source4/winbind/idmap.c

index a6cc88f..3773c1d 100644 (file)
@@ -236,8 +236,7 @@ static NTSTATUS idmap_xid_to_sid(struct idmap_context *idmap_ctx,
                                                      LDB_SCOPE_SUBTREE,
                                                      sam_attrs, 0,
                                                      "(&(|(sAMaccountType=%u)(sAMaccountType=%u)(sAMaccountType=%u))"
-                                                     "(uidNumber=%u)(objectSid=*)"
-                                                     "(|(objectClass=posixAccount)(objectClass=posixGroup)))",
+                                                     "(uidNumber=%u)(objectSid=*))",
                                                      ATYPE_ACCOUNT, ATYPE_WORKSTATION_TRUST, ATYPE_INTERDOMAIN_TRUST, unixid->id);
                        } else {
                                /* If we are not to use the rfc2307 attributes, we just emulate a non-match */
@@ -274,8 +273,7 @@ static NTSTATUS idmap_xid_to_sid(struct idmap_context *idmap_ctx,
                                                      ldb_get_default_basedn(idmap_ctx->samdb),
                                                      LDB_SCOPE_SUBTREE,
                                                      sam_attrs, 0,
-                                                     "(&(|(sAMaccountType=%u)(sAMaccountType=%u))(gidNumber=%u)"
-                                                     "(|(objectClass=posixAccount)(objectClass=posixGroup)))",
+                                                     "(&(|(sAMaccountType=%u)(sAMaccountType=%u))(gidNumber=%u))",
                                                      ATYPE_SECURITY_GLOBAL_GROUP, ATYPE_SECURITY_LOCAL_GROUP,
                                                      unixid->id);
                        } else {
@@ -439,8 +437,7 @@ static NTSTATUS idmap_sid_to_xid(struct idmap_context *idmap_ctx,
                                      "(&(objectSid=%s)"
                                      "(|(sAMaccountType=%u)(sAMaccountType=%u)(sAMaccountType=%u)"
                                      "(sAMaccountType=%u)(sAMaccountType=%u))"
-                                     "(|(uidNumber=*)(gidNumber=*))"
-                                     "(|(objectClass=posixAccount)(objectClass=posixGroup)))",
+                                     "(|(uidNumber=*)(gidNumber=*)))",
                                      dom_sid_string(tmp_ctx, sid),
                                      ATYPE_ACCOUNT, ATYPE_WORKSTATION_TRUST, ATYPE_INTERDOMAIN_TRUST,
                                      ATYPE_SECURITY_GLOBAL_GROUP, ATYPE_SECURITY_LOCAL_GROUP);