+ uint32_t has_objectclass;
+ NTSTATUS status;
+
+ username = escape_ldap_string(talloc_tos(), name);
+ if (username == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ filter = talloc_asprintf(talloc_tos(), "(&(uid=%s)(objectClass=%s))",
+ username, LDAP_OBJ_POSIXACCOUNT);
+ if (filter == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ TALLOC_FREE(username);
+
+ ret = smbldap_search_suffix(ldap_state->smbldap_state, filter, NULL,
+ &result);
+ if (ret != LDAP_SUCCESS) {
+ DEBUG(0, ("smbldap_search_suffix failed.\n"));
+ return NT_STATUS_ACCESS_DENIED;
+ }
+
+ num_result = ldap_count_entries(priv2ld(ldap_state), result);
+
+ if (num_result != 1) {
+ if (num_result == 0) {
+ status = NT_STATUS_NO_SUCH_USER;
+ } else {
+ DEBUG (0, ("find_user: More than one user with name [%s] ?!\n",
+ name));
+ status = NT_STATUS_INTERNAL_DB_CORRUPTION;
+ }
+ goto done;
+ }
+
+ entry = ldap_first_entry(priv2ld(ldap_state), result);
+ if (!entry) {
+ DEBUG(0,("find_user: Out of memory!\n"));
+ status = NT_STATUS_UNSUCCESSFUL;
+ goto done;
+ }
+
+ dn = smbldap_talloc_dn(talloc_tos(), priv2ld(ldap_state), entry);
+ if (!dn) {
+ DEBUG(0,("find_user: Out of memory!\n"));
+ status = NT_STATUS_NO_MEMORY;
+ goto done;
+ }
+
+ status = ipasam_get_objectclasses(ldap_state, dn, entry, &has_objectclass);
+ if (!NT_STATUS_IS_OK(status)) {
+ goto done;
+ }
+
+ *_dn = dn;
+ *_has_objectclass = has_objectclass;
+
+ status = NT_STATUS_OK;
+
+done:
+ ldap_msgfree(result);
+
+ return status;
+}
+
+static NTSTATUS ipasam_add_posix_account_objectclass(struct ldapsam_privates *ldap_state,
+ int ldap_op,
+ const char *dn,
+ const char *username)
+{
+ int ret;
+ LDAPMod **mods = NULL;
+ NTSTATUS status;
+
+ smbldap_set_mod(&mods, LDAP_MOD_ADD,
+ "objectclass", "posixAccount");
+ smbldap_set_mod(&mods, LDAP_MOD_ADD,
+ "cn", username);
+ smbldap_set_mod(&mods, LDAP_MOD_ADD,
+ "gidNumber", "12345");
+ smbldap_set_mod(&mods, LDAP_MOD_ADD,
+ "homeDirectory", "/dev/null");
+
+ if (ldap_op == LDAP_MOD_ADD) {
+ ret = smbldap_add(ldap_state->smbldap_state, dn, mods);
+ } else {
+ ret = smbldap_modify(ldap_state->smbldap_state, dn, mods);
+ }
+ ldap_mods_free(mods, 1);
+ if (ret != LDAP_SUCCESS) {
+ DEBUG(1, ("failed to modify/add user with uid = %s (dn = %s)\n",
+ username, dn));
+ return status;
+ }
+
+ return NT_STATUS_OK;
+}
+
+static NTSTATUS ipasam_add_ipa_objectclasses(struct ldapsam_privates *ldap_state,
+ const char *dn, const char *name,
+ const char *domain,
+ uint32_t acct_flags,
+ uint32_t has_objectclass)
+{