summaryrefslogtreecommitdiff
path: root/python
diff options
context:
space:
mode:
authorRowland Penny <rpenny@samba.org>2017-06-07 15:57:53 +0100
committerAlexander Bokovoy <ab@samba.org>2017-06-09 23:24:47 +0200
commitb64f0b5da640524c5f11b0e7eb2777a39fa04b95 (patch)
tree00c0795909f6185c6835be8719881b0c1eff1da2 /python
parentf180b1c21ccc3ba0097e61eac7b6b7560736bdc3 (diff)
downloadsamba-b64f0b5da640524c5f11b0e7eb2777a39fa04b95.tar.gz
samba-tool: You cannot add members to a group if the member exists as a sAMAccountName and a CN.
Signed-off-by: Rowland Penny <rpenny@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org> Autobuild-User(master): Alexander Bokovoy <ab@samba.org> Autobuild-Date(master): Fri Jun 9 23:24:47 CEST 2017 on sn-devel-144
Diffstat (limited to 'python')
-rw-r--r--python/samba/netcmd/group.py2
-rw-r--r--python/samba/samdb.py9
2 files changed, 8 insertions, 3 deletions
diff --git a/python/samba/netcmd/group.py b/python/samba/netcmd/group.py
index 11f87732def..b9d6add4cf9 100644
--- a/python/samba/netcmd/group.py
+++ b/python/samba/netcmd/group.py
@@ -199,6 +199,8 @@ This command adds one or more members to an existing Active Directory group. The
When a member is added to a group the member may inherit permissions and rights from the group. Likewise, when permission or rights of a group are changed, the changes may reflect in the members through inheritance.
+The member names specified on the command must be the sAMaccountName.
+
Example1:
samba-tool group addmembers supergroup Group1,Group2,User1 -H ldap://samba.samdom.example.com -Uadministrator%passw0rd
diff --git a/python/samba/samdb.py b/python/samba/samdb.py
index 19dd8e9a6ad..719bb8b2d90 100644
--- a/python/samba/samdb.py
+++ b/python/samba/samdb.py
@@ -266,9 +266,12 @@ changetype: modify
""" % (str(targetgroup[0].dn))
for member in members:
- targetmember = self.search(base=self.domain_dn(), scope=ldb.SCOPE_SUBTREE,
- expression="(|(sAMAccountName=%s)(CN=%s))" % (
- ldb.binary_encode(member), ldb.binary_encode(member)), attrs=[])
+ filter = ('(&(sAMAccountName=%s)(|(objectclass=user)'
+ '(objectclass=group)))' % ldb.binary_encode(member))
+ targetmember = self.search(base=self.domain_dn(),
+ scope=ldb.SCOPE_SUBTREE,
+ expression="%s" % filter,
+ attrs=[])
if len(targetmember) != 1:
raise Exception('Unable to find "%s". Operation cancelled.' % member)