python/samdb: add option to specify types of group members

The option can be used to specify the type of the object which have to
be added to (or removed) from a group. The search filter for the objects
will be created according to the types.

Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Ralph Boehme <slow@samba.org>

diff --git a/python/samba/samdb.py b/python/samba/samdb.py
index 22819641802dd40b4951265c2a9ae8bfff76bbe0..1090383f5266a52d24f01c493a9edf3d122d3551 100644 (file)
--- a/python/samba/samdb.py
+++ b/python/samba/samdb.py
@@ -251,8 +251,23 @@ pwdLastSet: 0
         else:
             self.transaction_commit()
 
+    def group_member_filter(self, member, member_types):
+        filter = ""
+
+        if 'user' in member_types:
+            filter += ('(&(sAMAccountName=%s)(objectclass=user))' %
+                       ldb.binary_encode(member))
+        if 'group' in member_types:
+            filter += ('(&(sAMAccountName=%s)(objectclass=group))' %
+                       ldb.binary_encode(member))
+
+        filter = "(|%s)" % filter
+
+        return filter
+
     def add_remove_group_members(self, groupname, members,
-                                 add_members_operation=True):
+                                 add_members_operation=True,
+                                 member_types=[ 'user', 'group' ]):
         """Adds or removes group members
 
         :param groupname: Name of the target group
@@ -280,8 +295,7 @@ changetype: modify
 """ % (str(targetgroup[0].dn))
 
             for member in members:
-                filter = ('(&(sAMAccountName=%s)(|(objectclass=user)'
-                          '(objectclass=group)))' % ldb.binary_encode(member))
+                filter = self.group_member_filter(member, member_types)
                 foreign_msg = None
                 try:
                     membersid = security.dom_sid(member)