Univention Bugzilla – Attachment 4146 Details for
Bug 26005
objectSid im S4 Connector beim Hinzufügen von Objekten in Samba setzen
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
sid_to_s4.patch
sid_to_s4.patch (text/plain), 2.49 KB, created by
Arvid Requate
on 2012-02-02 18:44:50 CET
(
hide
)
Description:
sid_to_s4.patch
Filename:
MIME Type:
Creator:
Arvid Requate
Created:
2012-02-02 18:44:50 CET
Size:
2.49 KB
patch
obsolete
>Index: univention-s4-connector/modules/univention/s4connector/s4/sid_mapping.py >=================================================================== >--- univention-s4-connector/modules/univention/s4connector/s4/sid_mapping.py (Revision 30654) >+++ univention-s4-connector/modules/univention/s4connector/s4/sid_mapping.py (Arbeitskopie) >@@ -34,7 +34,9 @@ > > import ldap > import univention.debug2 as ud >-import univention.s4connector.s4 >+from ldap.controls import LDAPControl >+from samba.dcerpc import security >+from samba.ndr import ndr_pack, ndr_unpack > > def sid_to_s4(s4connector, key, object): > ud.debug(ud.LDAP, ud.INFO, "sid_to_s4 object: %s" % object) >@@ -59,21 +61,27 @@ > (s4_dn, s4_attributes) = s4connector.lo_s4.lo.search_s(s4_dn, ldap.SCOPE_BASE, '(objectSid=*)', ['objectSid'] )[0] > objectSid = s4_attributes.get('objectSid') > if objectSid: >- decoded_s4_sid = univention.s4connector.s4.decode_sid(objectSid[0]) >- if decoded_s4_sid == sambaSID[0]: >- ud.debug(ud.LDAP, ud.INFO, 'sid_to_s4: objectSID and %s are equal' % sidAttribute) >+ # decoded_s4_sid = univention.s4connector.s4.decode_sid(objectSid[0]) >+ s4_objectSid = ndr_unpack(security.dom_sid, objectSid[0]) >+ decoded_s4_sid = str(s4_objectSid) >+ if objectSid_str == sambaSID[0]: >+ ud.debug(ud.LDAP, ud.INFO, 'sid_to_s4: objectSid and %s are equal' % sidAttribute) > return > >- # change objectSID >+ ### change objectSID > # objectSid modification for an AD object seems to be not possible: > # http://serverfault.com/questions/53717/how-can-i-change-the-sid-of-a-user-account-in-the-active-directory > # http://technet.microsoft.com/en-us/library/cc961998.aspx > >- ud.debug(ud.LDAP, ud.INFO, 'sid_to_s4: The objectSid modification in S4 / AD is not allowed.') >- #encoded_sambaSID = univention.s4connector.s4.encode_sid(sambaSID[0]) >- #modlist.append((ldap.MOD_REPLACE, 'objectSid', encoded_sambaSID)) >- #s4connector.lo_s4.lo.modify_ext_s(s4_dn, modlist) >+ ud.debug(ud.LDAP, ud.INFO, 'sid_to_s4: changing objectSid from %s to %s' % (decoded_s4_sid, sambaSID[0]) ) >+ new_objectSid_ndr = ndr_pack(security.dom_sid(sambaSID[0])) >+ modlist.append((ldap.MOD_REPLACE, 'objectSid', new_objectSid_ndr)) > >+ # objectSid modification for an Samba4 object is only possible with the "provision" control: >+ LDB_CONTROL_PROVISION_OID = '1.3.6.1.4.1.7165.4.3.16' >+ controls = [ LDAPControl(LDB_CONTROL_PROVISION_OID,criticality=0) ] >+ s4connector.lo_s4.lo.modify_ext_s(s4_dn, modlist, serverctrls=controls) >+ > pass > > def sid_to_ucs(s4connector, key, s4_object):
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=4146">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 26005
:
4140
|
4141
|
4142
| 4146