diff options
author | Andrew Bartlett <abartlet@samba.org> | 2013-10-29 17:30:18 +1300 |
---|---|---|
committer | Stefan Metzmacher <metze@samba.org> | 2014-04-02 17:12:46 +0200 |
commit | 6f8fb163e02579d57e731c0c09eafee5627bec62 (patch) | |
tree | 760a79f0d2718a0a5a696a1860a0ad247b07d582 /source3/passdb | |
parent | 77e4beb0e027bb49454716b86c782c98c2ed823b (diff) | |
download | samba-6f8fb163e02579d57e731c0c09eafee5627bec62.tar.gz |
dsdb: Rework samdb_result_acct_flags to use either userAccountControl or msDS-User-Account-Control-Computed
This allows us to avoid the domain lookup in the constructed attribute
when not required.
By using msDS-User-Account-Control-Computed the lockout and password
expiry checks are now handled in the operational ldb module.
Andrew Bartlett
Change-Id: I6eb94933e4602e2e50c2126062e9dfa83a46191b
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Diffstat (limited to 'source3/passdb')
-rw-r--r-- | source3/passdb/pdb_samba_dsdb.c | 11 |
1 files changed, 5 insertions, 6 deletions
diff --git a/source3/passdb/pdb_samba_dsdb.c b/source3/passdb/pdb_samba_dsdb.c index dee20efbf84..01e747a00fc 100644 --- a/source3/passdb/pdb_samba_dsdb.c +++ b/source3/passdb/pdb_samba_dsdb.c @@ -272,12 +272,12 @@ static NTSTATUS pdb_samba_dsdb_init_sam_from_priv(struct pdb_methods *m, } pdb_set_user_sid(sam, sid, PDB_SET); - n = ldb_msg_find_attr_as_uint(msg, "userAccountControl", 0); + n = samdb_result_acct_flags(msg, "msDS-User-Account-Control-Computed"); if (n == 0) { DEBUG(10, ("Could not pull userAccountControl\n")); goto fail; } - pdb_set_acct_ctrl(sam, ds_uf2acb(n), PDB_SET); + pdb_set_acct_ctrl(sam, n, PDB_SET); blob = ldb_msg_find_ldb_val(msg, "unicodePwd"); if (blob) { @@ -614,7 +614,8 @@ static NTSTATUS pdb_samba_dsdb_getsamupriv(struct pdb_samba_dsdb_state *state, "sAMAccountName", "displayName", "homeDirectory", "homeDrive", "scriptPath", "profilePath", "description", "userWorkstations", "comment", "userParameters", "objectSid", - "primaryGroupID", "userAccountControl", "logonHours", + "primaryGroupID", "userAccountControl", + "msDS-User-Account-Control-Computed", "logonHours", "badPwdCount", "logonCount", "countryCode", "codePage", "unicodePwd", "dBCSPwd", NULL }; @@ -1936,9 +1937,7 @@ static bool pdb_samba_dsdb_search_filter(struct pdb_methods *m, } sid_peek_rid(sid, &e->rid); - e->acct_flags = samdb_result_acct_flags(state->ldb, tmp_ctx, - res->msgs[i], - ldb_get_default_basedn(state->ldb)); + e->acct_flags = samdb_result_acct_flags(res->msgs[i], "userAccountControl"); e->account_name = ldb_msg_find_attr_as_string( res->msgs[i], "samAccountName", NULL); if (e->account_name == NULL) { |