python/samdb: adapt search filter for group object type

Use a group search filter which is similar to the filter which is used
by the basic MS Windows group membership management.

The filter excludes the group type GROUP_TYPE_BUILTIN_LOCAL_GROUP.

Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Ralph Boehme <slow@samba.org>

diff --git a/python/samba/samdb.py b/python/samba/samdb.py
index 7852373c817f5fbfa3722c0440ae2156bbe3c22b..b1d5acb83991c397c9e47a6dbb8cf3191132660e 100644 (file)
--- a/python/samba/samdb.py
+++ b/python/samba/samdb.py
@@ -258,7 +258,9 @@ pwdLastSet: 0
             filter += ('(&(sAMAccountName=%s)(samAccountType=%d))' %
                        (ldb.binary_encode(member), dsdb.ATYPE_NORMAL_ACCOUNT))
         if 'group' in member_types:
-            filter += ('(&(sAMAccountName=%s)(objectclass=group))' %
+            filter += ('(&(sAMAccountName=%s)'
+                       '(objectClass=group)'
+                       '(!(groupType:1.2.840.113556.1.4.803:=1)))' %
                        ldb.binary_encode(member))
         if 'computer' in member_types:
             samaccountname = member