Dies hier sollte ggf. nach Samba/MitLdapOhnePam verschoben werden:
- derzeit ist die Seite verwaist (orphaned), d.h. nicht verlinkt
- das %-Zeichen im Seitennamen ist auch etwas unschön
Wenn also dieser Patch funktioniert und noch aktuell ist, verschiebe die Seite bitte.
--- passdb/pdb_ldap.c.old 2003-05-01 16:42:49.000000000 +0200
+++ passdb/pdb_ldap.c 2003-05-01 19:50:44.000000000 +0200
@@ -365,6 +365,76 @@
/* New Interface is being implemented here */
/**********************************************************************
+Initialize SAM_ACCOUNT from an LDAP query (unix attributes only)
+Backport from CVS SAMBA_3_0-Branch
+*********************************************************************/
+
+struct passwd* setup_pwret ( struct passwd * pass );
+
+static BOOL get_unix_attributes (LDAP *ldap_struct,
+ SAM_ACCOUNT * sampass,
+ LDAPMessage * entry)
+{
+ pstring homedir;
+ pstring temp;
+ uid_t uid;
+ gid_t gid;
+ char **ldap_values;
+ char **values;
+ struct passwd sys_user;
+
+ if ((ldap_values = ldap_get_values (ldap_struct, entry, "objectClass")) == NULL) {
+ DEBUG (1, ("get_unix_attributes: no objectClass! \n"));
+ return False;
+ }
+
+ for (values=ldap_values;*values;values++) {
+ if (strcasecmp(*values, "posixAccount") == 0) {
+ break;
+ }
+ }
+
+ if (!*values) { /*end of array, no posixAccount */
+ DEBUG(10, ("get_unix_attributes: user does not have posixAcccount attributes\n"));
+ ldap_value_free(ldap_values);
+ return False;
+ }
+ ldap_value_free(ldap_values);
+
+ if (!get_single_attribute(ldap_struct, entry, "homeDirectory", homedir))
+ return False;
+
+ if (!get_single_attribute(ldap_struct, entry, "uidNumber", temp))
+ return False;
+
+ uid = (uid_t)atol(temp);
+
+ if (!get_single_attribute(ldap_struct, entry, "gidNumber", temp))
+ return False;
+
+ gid = (gid_t)atol(temp);
+
+ // Disabled as this function is not used in 2.2
+ //pdb_set_unix_homedir(sampass, homedir);
+ pdb_set_uid(sampass, uid);
+ pdb_set_gid(sampass, gid);
+
+ // Kind of Hack, lets use the cache to override the missing local information
+
+ sys_user.pw_name="ffranz";
+ sys_user.pw_uid=uid;
+ sys_user.pw_gid=gid;
+ sys_user.pw_dir=homedir;
+ DEBUG(5, ("get_unix_attributes: Hack - Setting cache for homedir\n"));
+
+ //setup_pwret(&sys_user);
+ sys_setpwnam(&sys_user);
+
+ DEBUG(10, ("get_unix_attributes: user has posixAcccount attributes\n"));
+ return True;
+}
+
+/**********************************************************************
Initialize SAM_ACCOUNT from an LDAP query
(Based on init_sam_from_buffer in pdb_tdb.c)
*********************************************************************/
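Review bot: `uid = (uid_t)atol(temp);` and the matching `gidNumber` line turn any non-numeric or empty directory value into 0, so a malformed `uidNumber` in LDAP maps the account to uid 0, and a negative value wraps through the cast. Parse both attributes with `strtoul`, reject anything that is not a complete in-range decimal number, and return False so the caller falls back to its local lookup, as sketched below. Separately, `sys_user.pw_name="ffranz";` hard-codes one account name into the entry handed to `sys_setpwnam`, so every LDAP user is cached under that name; it should carry the name of the account being loaded, which would have to be passed in because the function does not receive it. `sys_user` is also only partly initialised and `pw_dir` points at the stack buffer `homedir`; whether that is safe depends on what `setup_pwret` copies, which is not visible here.

```c
	char *end;
	unsigned long id;

	/* … unchanged: objectClass check, homeDirectory lookup … */

	if (!get_single_attribute(ldap_struct, entry, "uidNumber", temp))
		return False;

	/* Accept only a complete decimal number; (uid_t)-1 is excluded as well. */
	errno = 0;
	id = strtoul(temp, &end, 10);
	if (!isdigit((unsigned char)temp[0]) || *end != '\0' ||
	    errno == ERANGE || id >= (unsigned long)(uid_t)-1) {
		DEBUG(1, ("get_unix_attributes: invalid uidNumber [%s]\n", temp));
		return False;
	}
	uid = (uid_t)id;

	/* … gidNumber: same parse and range check before the gid_t cast … */
```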
@@ -506,13 +576,22 @@
/* These values MAY be in LDAP, but they can also be retrieved through
* sys_getpw*() which is how we're doing it
*/
- sys_user = sys_getpwnam(username);
- if (sys_user == NULL) {
- DEBUG (2,("init_sam_from_ldap: User [%s] does not ave a uid!\n", username));
- return False;
+ if (!get_unix_attributes(ldap_struct, sampass, entry))
+ {
+ sys_user = sys_getpwnam(username);
+ if (sys_user == NULL) {
+ DEBUG (2,("init_sam_from_ldap: User [%s] does not ave a uid!\n", username));
+ return False;
+ }
+ else
+ {
+ pdb_set_uid(sampass, sys_user->pw_uid);
+ pdb_set_gid(sampass, sys_user->pw_gid);
+ free(sys_user);
+ }
+
}
-
/* FIXME: hours stuff should be cleaner */
logon_divs = 168;
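Review bot: `free(sys_user);` in the new else branch releases a pointer that did not come from malloc. The banner in lib/system.c on this same page describes `sys_getpwnam` as a wrapper that "Always returns a static", so the call is undefined behaviour and can corrupt the heap. Drop the line and let the two `pdb_set_*` calls be the whole branch. The body of init_sam_from_ldap starts and ends outside this hunk, so any later use of `sys_user` is not visible here and would need checking, since the variable is now left unset whenever `get_unix_attributes` succeeds.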
@@ -543,8 +622,6 @@
pdb_set_hours_len(sampass, hours_len);
pdb_set_logon_divs(sampass, logon_divs);
- pdb_set_uid(sampass, sys_user->pw_uid);
- pdb_set_gid(sampass, sys_user->pw_gid);
pdb_set_user_rid(sampass, user_rid);
pdb_set_group_rid(sampass, group_rid);
--- lib/system.c.old 2003-05-01 20:37:30.000000000 +0200
+++ lib/system.c 2003-05-01 19:54:11.000000000 +0200
@@ -744,6 +744,11 @@
endpwent();
}
+void sys_setpwnam(struct passwd* sys_user)
+{
+ setup_pwret(sys_user);
+}
+
/**************************************************************************
Wrapper for getpwnam(). Always returns a static that can be modified.
****************************************************************************/
Obiger Patch ermöglicht samba 2.2.3 mit ldap ohne pam zu nutzen. (Und ohne den meiner Meinung nach eher Hack mit adduser-on-the-fly)
configure mit --with-ldap --with-ldap-sam aufrufen,
aber OHNE --with-pam
cu
Fabian
