+static NTSTATUS ipasam_add_ipa_group_objectclasses(struct ldapsam_privates *ldap_state,
+ const char *dn,
+ const char *name,
+ uint32_t has_objectclass)
+{
+ LDAPMod **mods = NULL;
+ NTSTATUS status;
+ int ret;
+
+ if (!(has_objectclass & HAS_GROUPOFNAMES)) {
+ smbldap_set_mod(&mods, LDAP_MOD_ADD,
+ LDAP_ATTRIBUTE_OBJECTCLASS,
+ LDAP_OBJ_GROUPOFNAMES);
+ }
+
+ if (!(has_objectclass & HAS_NESTEDGROUP)) {
+ smbldap_set_mod(&mods, LDAP_MOD_ADD,
+ LDAP_ATTRIBUTE_OBJECTCLASS,
+ LDAP_OBJ_NESTEDGROUP);
+ }
+
+ if (!(has_objectclass & HAS_IPAUSERGROUP)) {
+ smbldap_set_mod(&mods, LDAP_MOD_ADD,
+ LDAP_ATTRIBUTE_OBJECTCLASS,
+ LDAP_OBJ_IPAUSERGROUP);
+ }
+
+ if (!(has_objectclass & HAS_IPAOBJECT)) {
+ smbldap_set_mod(&mods, LDAP_MOD_ADD,
+ LDAP_ATTRIBUTE_OBJECTCLASS,
+ LDAP_OBJ_IPAOBJECT);
+ }
+
+ if (!(has_objectclass & HAS_POSIXGROUP)) {
+ smbldap_set_mod(&mods, LDAP_MOD_ADD,
+ LDAP_ATTRIBUTE_OBJECTCLASS,
+ LDAP_OBJ_POSIXGROUP);
+ smbldap_set_mod(&mods, LDAP_MOD_ADD,
+ LDAP_ATTRIBUTE_CN,
+ name);
+ smbldap_set_mod(&mods, LDAP_MOD_ADD,
+ LDAP_ATTRIBUTE_GIDNUMBER,
+ IPA_MAGIC_ID_STR);
+ }
+
+ ret = smbldap_modify(ldap_state->smbldap_state, dn, mods);
+ ldap_mods_free(mods, 1);
+ if (ret != LDAP_SUCCESS) {
+ DEBUG(1, ("failed to modify/add group %s (dn = %s)\n",
+ name, dn));
+ return status;
+ }
+
+ return NT_STATUS_OK;
+}
+