return LDB_SUCCESS;
}
+
+/**
+ * Determine and set primaryGroupID based on userAccountControl value
+ * @param ldb Current ldb_context
+ * @param usr_obj ldb_message representing User object
+ * @param user_account_control Value for userAccountControl flags
+ * @param group_rid_p Optional pointer to group RID to return
+ * @return LDB_SUCCESS or LDB_ERR* code on failure
+ */
+int dsdb_user_obj_set_primary_group_id(struct ldb_context *ldb, struct ldb_message *usr_obj,
+ uint32_t user_account_control, uint32_t *group_rid_p)
+{
+ int ret;
+ uint32_t rid;
+ struct ldb_message_element *el;
+
+ rid = ds_uf2prim_group_rid(user_account_control);
+
+ ret = samdb_msg_add_uint(ldb, usr_obj, usr_obj,
+ "primaryGroupID", rid);
+ if (ret != LDB_SUCCESS) {
+ return ret;
+ }
+ el = ldb_msg_find_element(usr_obj, "primaryGroupID");
+ el->flags = LDB_FLAG_MOD_REPLACE;
+
+ if (group_rid_p) {
+ *group_rid_p = rid;
+ }
+
+ return LDB_SUCCESS;
+}
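Review bot: `el` returned by `ldb_msg_find_element(usr_obj, "primaryGroupID")` is dereferenced on the next line without a NULL check; it should exist right after a successful samdb_msg_add_uint, but the helper is now a shared entry point, so guard it with `if (el == NULL) { return LDB_ERR_OPERATIONS_ERROR; }` before setting `el->flags`. The doc comment also leaves out the two facts a caller needs: the element is marked LDB_FLAG_MOD_REPLACE, and the helper does not check whether usr_obj already carries a primaryGroupID element, so if samdb_msg_add_uint appends to an existing element the caller ends up with a multi-valued primaryGroupID; suggest adding `@note Marks the element LDB_FLAG_MOD_REPLACE; callers must ensure usr_obj has no existing primaryGroupID element`. The leading context (`return LDB_SUCCESS; }`) belongs to a function that starts outside this hunk.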
/* Step 1.4: "userAccountControl" -> "primaryGroupID" mapping */
if (!ldb_msg_find_element(ac->msg, "primaryGroupID")) {
- uint32_t rid = ds_uf2prim_group_rid(user_account_control);
+ uint32_t rid;
+ ret = dsdb_user_obj_set_primary_group_id(ldb, ac->msg, user_account_control, &rid);
+ if (ret != LDB_SUCCESS) {
+ return ret;
+ }
/*
* Older AD deployments don't know about the
* RODC group
return ret;
}
}
-
- ret = samdb_msg_add_uint(ldb, ac->msg, ac->msg,
- "primaryGroupID", rid);
- if (ret != LDB_SUCCESS) {
- return ret;
- }
- el2 = ldb_msg_find_element(ac->msg,
- "primaryGroupID");
- el2->flags = LDB_FLAG_MOD_REPLACE;
}
/* Step 1.5: Add additional flags when needed */
/* objectClass is USER */
if (samdb_find_attribute(ldb, cur_msg, "objectclass", "user") != NULL) {
+ uint32_t primary_group_rid;
/* restoring 'user' instance attribute is heavily borrowed from samldb.c */
/* Default values */
}
/* "userAccountControl" -> "primaryGroupID" mapping */
- if (!ldb_msg_find_element(new_msg, "primaryGroupID")) {
- uint32_t rid = ds_uf2prim_group_rid(user_account_control);
-
- ret = samdb_msg_add_uint(ldb, new_msg, new_msg,
- "primaryGroupID", rid);
- if (ret != LDB_SUCCESS) {
- return ret;
- }
- el = ldb_msg_find_element(new_msg, "primaryGroupID");
- el->flags = LDB_FLAG_MOD_REPLACE;
+ ret = dsdb_user_obj_set_primary_group_id(ldb, new_msg, user_account_control, &primary_group_rid);
+ if (ret != LDB_SUCCESS) {
+ return ret;
}
+ /*
+ * Older AD deployments don't know about the
+ * RODC group
+ */
+ if (primary_group_rid == DOMAIN_RID_READONLY_DCS) {
+ /* TODO: check group exists */
+ }
+
}
/* objectClass is GROUP */
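Review bot: The removed guard `if (!ldb_msg_find_element(new_msg, "primaryGroupID"))` is not carried over to the new `dsdb_user_obj_set_primary_group_id(ldb, new_msg, ...)` call, so on this path the helper now runs even when new_msg already holds a primaryGroupID; the existing value is then overwritten via MOD_REPLACE where it was previously kept, and if samdb_msg_add_uint appends to an existing element the message carries a two-valued primaryGroupID. The samldb hunk above keeps its guard, so the two call sites now behave differently; restore it by wrapping the call and its error check in `if (!ldb_msg_find_element(new_msg, "primaryGroupID")) { ... }`. The `primary_group_rid == DOMAIN_RID_READONLY_DCS` branch is an empty TODO while the samldb path returns an error when the RODC group is missing, so a restored object can be given a RID that may not resolve; until that check is implemented, the comment should say so explicitly, e.g. `/* TODO: verify the RODC group exists (as samldb does) before restoring with this RID */`. The enclosing `if (samdb_find_attribute(... "user") != NULL)` block starts in an earlier hunk.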