samba-tool group addmembers: add --member-base-dn option for group member search
authorBjörn Baumbach <bb@sernet.de>
Mon, 30 Dec 2019 13:54:32 +0000 (14:54 +0100)
committerStefan Metzmacher <metze@samba.org>
Tue, 21 Jan 2020 14:38:47 +0000 (14:38 +0000)
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Ralph Boehme <slow@samba.org>
python/samba/netcmd/group.py
python/samba/samdb.py

index abc72f588d0f21bccf60caaecec2397ead5eafdb..1467ddd0f234367cce5f7bf1d14176d06858a287 100644 (file)
@@ -243,6 +243,10 @@ Example2 shows how to add a single user account, User2, to the supergroup AD gro
                      "Default: user,group,computer"),
                default="user,group,computer",
                type=str),
+        Option("--member-base-dn",
+               help=("Base DN for group member search.\n"
+                     "Default is the domain DN."),
+               type=str),
     ]
 
     takes_args = ["groupname", "listofmembers?"]
@@ -254,6 +258,7 @@ Example2 shows how to add a single user account, User2, to the supergroup AD gro
             sambaopts=None,
             versionopts=None,
             H=None,
+            member_base_dn=None,
             member_dn=None,
             object_types="user,group,computer"):
 
@@ -275,9 +280,13 @@ Example2 shows how to add a single user account, User2, to the supergroup AD gro
                 groupmembers += listofmembers.split(',')
             group_member_types = object_types.split(',')
 
+            if member_base_dn is not None:
+                member_base_dn = samdb.normalize_dn_in_domain(member_base_dn)
+
             samdb.add_remove_group_members(groupname, groupmembers,
                                            add_members_operation=True,
-                                           member_types=group_member_types)
+                                           member_types=group_member_types,
+                                           member_base_dn=member_base_dn)
         except Exception as e:
             # FIXME: catch more specific exception
             raise CommandError('Failed to add members %r to group "%s"' % (
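Review bot: The new `samdb.normalize_dn_in_domain(member_base_dn)` call sits inside the existing `try`, so if it raises on a malformed value (its behaviour is not visible in this hunk), the broad `except Exception` reports it as "Failed to add members ..." and never names the option that was wrong. An operator running a bulk membership change then cannot tell a bad base DN from a member that failed to resolve. I would check the option before the membership call and report it on its own, with wording along the lines of `'Invalid --member-base-dn "%s"' % member_base_dn`. The `try` opens outside this hunk, so the exact placement has to be chosen against the full function. The same applies to the matching hunk in the remove-members command further down.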
@@ -328,6 +337,10 @@ Example2 shows how to remove a single user account, User2, from the supergroup A
                      "Default: user,group,computer"),
                default="user,group,computer",
                type=str),
+        Option("--member-base-dn",
+               help=("Base DN for group member search.\n"
+                     "Default is the domain DN."),
+               type=str),
     ]
 
     takes_args = ["groupname", "listofmembers?"]
@@ -339,6 +352,7 @@ Example2 shows how to remove a single user account, User2, from the supergroup A
             sambaopts=None,
             versionopts=None,
             H=None,
+            member_base_dn=None,
             member_dn=None,
             object_types="user,group,computer"):
 
@@ -360,10 +374,14 @@ Example2 shows how to remove a single user account, User2, from the supergroup A
                 groupmembers += listofmembers.split(',')
             group_member_types = object_types.split(',')
 
+            if member_base_dn is not None:
+                member_base_dn = samdb.normalize_dn_in_domain(member_base_dn)
+
             samdb.add_remove_group_members(groupname,
                                            groupmembers,
                                            add_members_operation=False,
-                                           member_types=group_member_types)
+                                           member_types=group_member_types,
+                                           member_base_dn=member_base_dn)
         except Exception as e:
             # FIXME: Catch more specific exception
             raise CommandError('Failed to remove members %r from group "%s"' % (listofmembers, groupname), e)
index d0320c1d2cc85569192b0d5f28ead6f04014b6b0..d903babb4062b2d2635aa7418e183b845594fd7c 100644 (file)
@@ -306,7 +306,8 @@ pwdLastSet: 0
 
     def add_remove_group_members(self, groupname, members,
                                  add_members_operation=True,
-                                 member_types=[ 'user', 'group', 'computer' ]):
+                                 member_types=[ 'user', 'group', 'computer' ],
+                                 member_base_dn=None):
         """Adds or removes group members
 
         :param groupname: Name of the target group
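Review bot: The docstring of `add_remove_group_members` is not extended for the new `member_base_dn` parameter. The lines between this hunk and the next one are unchanged, so the `:param` list still ends with the old arguments. I would add `:param member_base_dn: Base DN for the member search, defaults to the domain DN` next to the existing entries. The docstring continues past the end of this hunk.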
@@ -335,6 +336,8 @@ changetype: modify
 
             for member in members:
                 targetmember_dn = None
+                if member_base_dn is None:
+                    member_base_dn = self.domain_dn()
 
                 try:
                     membersid = security.dom_sid(member)
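Review bot: The default for `member_base_dn` is resolved inside `for member in members:`, although it does not depend on the member being processed. It only takes effect on the first iteration, and placing it between `targetmember_dn = None` and the `try` makes it look like per-member state. Moving `if member_base_dn is None:` / `member_base_dn = self.domain_dn()` to just above the loop keeps the argument handling in one place. The loop body continues outside this hunk.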
@@ -355,7 +358,7 @@ changetype: modify
 
                 if targetmember_dn is None:
                     filter = self.group_member_filter(member, member_types)
-                    targetmember = self.search(base=self.domain_dn(),
+                    targetmember = self.search(base=member_base_dn,
                                                scope=ldb.SCOPE_SUBTREE,
                                                expression=filter,
                                                attrs=[])
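Review bot: Only the name-filter lookup in this hunk is confined to `member_base_dn`. A member that was already resolved earlier in the loop skips this `self.search`, because `targetmember_dn` is then no longer None. The `security.dom_sid(member)` branch in the previous hunk is presumably such a path, so those members are not limited to the given subtree, though the intervening lines are not shown. An administrator who passes the option to keep a membership change inside one OU may expect it to cover every listed member. I would state the scope where it is read, for example `# member_base_dn only scopes the lookup by name; members resolved by SID are not restricted to it`, and tighten the option help to `"Base DN for group member search by name.\n"`.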