samba-tool group addmembers: add --member-base-dn option for group member search

Signed-off-by: Björn Baumbach <bb@sernet.de> Reviewed-by: Ralph Boehme <slow@samba.org>
author: Björn Baumbach <bb@sernet.de> 2019-12-30 14:54:32 +0100
committer: Stefan Metzmacher <metze@samba.org> 2020-01-21 14:38:47 +0000
commit: 557fa1d44b687a552f7a1413306c229449f5eddd (patch)
tree: 509afde596df4b168f0ab1586d7dd515f8612107 /python
parent: 5b129bf12ba138ffd097443fee52709c7f82cf46 (diff)
download: samba-557fa1d44b687a552f7a1413306c229449f5eddd.tar.gz
2 files changed, 25 insertions, 4 deletions
diff --git a/python/samba/netcmd/group.py b/python/samba/netcmd/group.py
index abc72f588d0..1467ddd0f23 100644
--- a/python/samba/netcmd/group.py
+++ b/python/samba/netcmd/group.py
@@ -243,6 +243,10 @@ Example2 shows how to add a single user account, User2, to the supergroup AD gro
                      "Default: user,group,computer"),
                default="user,group,computer",
                type=str),
+        Option("--member-base-dn",
+               help=("Base DN for group member search.\n"
+                     "Default is the domain DN."),
+               type=str),
     ]
 
     takes_args = ["groupname", "listofmembers?"]
@@ -254,6 +258,7 @@ Example2 shows how to add a single user account, User2, to the supergroup AD gro
             sambaopts=None,
             versionopts=None,
             H=None,
+            member_base_dn=None,
             member_dn=None,
             object_types="user,group,computer"):
 
@@ -275,9 +280,13 @@ Example2 shows how to add a single user account, User2, to the supergroup AD gro
                 groupmembers += listofmembers.split(',')
             group_member_types = object_types.split(',')
 
+            if member_base_dn is not None:
+                member_base_dn = samdb.normalize_dn_in_domain(member_base_dn)
+
             samdb.add_remove_group_members(groupname, groupmembers,
                                            add_members_operation=True,
-                                           member_types=group_member_types)
+                                           member_types=group_member_types,
+                                           member_base_dn=member_base_dn)
         except Exception as e:
             # FIXME: catch more specific exception
             raise CommandError('Failed to add members %r to group "%s"' % (
@@ -328,6 +337,10 @@ Example2 shows how to remove a single user account, User2, from the supergroup A
                      "Default: user,group,computer"),
                default="user,group,computer",
                type=str),
+        Option("--member-base-dn",
+               help=("Base DN for group member search.\n"
+                     "Default is the domain DN."),
+               type=str),
     ]
 
     takes_args = ["groupname", "listofmembers?"]
@@ -339,6 +352,7 @@ Example2 shows how to remove a single user account, User2, from the supergroup A
             sambaopts=None,
             versionopts=None,
             H=None,
+            member_base_dn=None,
             member_dn=None,
             object_types="user,group,computer"):
 
@@ -360,10 +374,14 @@ Example2 shows how to remove a single user account, User2, from the supergroup A
                 groupmembers += listofmembers.split(',')
             group_member_types = object_types.split(',')
 
+            if member_base_dn is not None:
+                member_base_dn = samdb.normalize_dn_in_domain(member_base_dn)
+
             samdb.add_remove_group_members(groupname,
                                            groupmembers,
                                            add_members_operation=False,
-                                           member_types=group_member_types)
+                                           member_types=group_member_types,
+                                           member_base_dn=member_base_dn)
         except Exception as e:
             # FIXME: Catch more specific exception
             raise CommandError('Failed to remove members %r from group "%s"' % (listofmembers, groupname), e)
diff --git a/python/samba/samdb.py b/python/samba/samdb.py
index d0320c1d2cc..d903babb406 100644
--- a/python/samba/samdb.py
+++ b/python/samba/samdb.py
@@ -306,7 +306,8 @@ pwdLastSet: 0
 
     def add_remove_group_members(self, groupname, members,
                                  add_members_operation=True,
-                                 member_types=[ 'user', 'group', 'computer' ]):
+                                 member_types=[ 'user', 'group', 'computer' ],
+                                 member_base_dn=None):
         """Adds or removes group members
 
         :param groupname: Name of the target group
@@ -335,6 +336,8 @@ changetype: modify
 
             for member in members:
                 targetmember_dn = None
+                if member_base_dn is None:
+                    member_base_dn = self.domain_dn()
 
                 try:
                     membersid = security.dom_sid(member)
@@ -355,7 +358,7 @@ changetype: modify
 
                 if targetmember_dn is None:
                     filter = self.group_member_filter(member, member_types)
-                    targetmember = self.search(base=self.domain_dn(),
+                    targetmember = self.search(base=member_base_dn,
                                                scope=ldb.SCOPE_SUBTREE,
                                                expression=filter,
                                                attrs=[])
author	Björn Baumbach <bb@sernet.de>	2019-12-30 14:54:32 +0100
committer	Stefan Metzmacher <metze@samba.org>	2020-01-21 14:38:47 +0000
commit	557fa1d44b687a552f7a1413306c229449f5eddd (patch)
tree	509afde596df4b168f0ab1586d7dd515f8612107 /python
parent	5b129bf12ba138ffd097443fee52709c7f82cf46 (diff)
download	samba-557fa1d44b687a552f7a1413306c229449f5eddd.tar.gz