diff options
author | Rowland Penny <rpenny@samba.org> | 2017-06-07 15:57:53 +0100 |
---|---|---|
committer | Alexander Bokovoy <ab@samba.org> | 2017-06-09 23:24:47 +0200 |
commit | b64f0b5da640524c5f11b0e7eb2777a39fa04b95 (patch) | |
tree | 00c0795909f6185c6835be8719881b0c1eff1da2 /python | |
parent | f180b1c21ccc3ba0097e61eac7b6b7560736bdc3 (diff) | |
download | samba-b64f0b5da640524c5f11b0e7eb2777a39fa04b95.tar.gz |
samba-tool: You cannot add members to a group if the member exists as a sAMAccountName and a CN.
Signed-off-by: Rowland Penny <rpenny@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Autobuild-User(master): Alexander Bokovoy <ab@samba.org>
Autobuild-Date(master): Fri Jun 9 23:24:47 CEST 2017 on sn-devel-144
Diffstat (limited to 'python')
-rw-r--r-- | python/samba/netcmd/group.py | 2 | ||||
-rw-r--r-- | python/samba/samdb.py | 9 |
2 files changed, 8 insertions, 3 deletions
diff --git a/python/samba/netcmd/group.py b/python/samba/netcmd/group.py index 11f87732def..b9d6add4cf9 100644 --- a/python/samba/netcmd/group.py +++ b/python/samba/netcmd/group.py @@ -199,6 +199,8 @@ This command adds one or more members to an existing Active Directory group. The When a member is added to a group the member may inherit permissions and rights from the group. Likewise, when permission or rights of a group are changed, the changes may reflect in the members through inheritance. +The member names specified on the command must be the sAMaccountName. + Example1: samba-tool group addmembers supergroup Group1,Group2,User1 -H ldap://samba.samdom.example.com -Uadministrator%passw0rd diff --git a/python/samba/samdb.py b/python/samba/samdb.py index 19dd8e9a6ad..719bb8b2d90 100644 --- a/python/samba/samdb.py +++ b/python/samba/samdb.py @@ -266,9 +266,12 @@ changetype: modify """ % (str(targetgroup[0].dn)) for member in members: - targetmember = self.search(base=self.domain_dn(), scope=ldb.SCOPE_SUBTREE, - expression="(|(sAMAccountName=%s)(CN=%s))" % ( - ldb.binary_encode(member), ldb.binary_encode(member)), attrs=[]) + filter = ('(&(sAMAccountName=%s)(|(objectclass=user)' + '(objectclass=group)))' % ldb.binary_encode(member)) + targetmember = self.search(base=self.domain_dn(), + scope=ldb.SCOPE_SUBTREE, + expression="%s" % filter, + attrs=[]) if len(targetmember) != 1: raise Exception('Unable to find "%s". Operation cancelled.' % member) |