Dies hier sollte ggf. nach Samba/MitLdapOhnePam verschoben werden:
- derzeit ist es orphaned, d.h. unverlinkt
- das %-Zeichen im Seitennamen ist auch etwas unhübsch
Wenn also dieser Patch funktioniert und noch aktuell ist, mache das bitte.
--- passdb/pdb_ldap.c.old 2003-05-01 16:42:49.000000000 +0200
+++ passdb/pdb_ldap.c 2003-05-01 19:50:44.000000000 +0200
@@ -365,6 +365,76 @@ /* New Interface is being implemented here */ /********************************************************************** +Initialize SAM_ACCOUNT from an LDAP query (unix attributes only) +Backport from CVS SAMBA_3_0-Branch +*********************************************************************/ + +struct passwd* setup_pwret ( struct passwd * pass ); + +static BOOL get_unix_attributes (LDAP *ldap_struct, + SAM_ACCOUNT * sampass, + LDAPMessage * entry) +{ + pstring homedir; + pstring temp; + uid_t uid; + gid_t gid; + char **ldap_values; + char **values; + struct passwd sys_user; + + if ((ldap_values = ldap_get_values (ldap_struct, entry, "objectClass")) == NULL) { + DEBUG (1, ("get_unix_attributes: no objectClass! \n")); + return False; + } + + for (values=ldap_values;*values;values++) { + if (strcasecmp(*values, "posixAccount") == 0) { + break; + } + } + + if (!*values) { /*end of array, no posixAccount */ + DEBUG(10, ("get_unix_attributes: user does not have posixAcccount attributes\n")); + ldap_value_free(ldap_values); + return False; + } + ldap_value_free(ldap_values); + + if (!get_single_attribute(ldap_struct, entry, "homeDirectory", homedir)) + return False; + + if (!get_single_attribute(ldap_struct, entry, "uidNumber", temp)) + return False; + + uid = (uid_t)atol(temp); + + if (!get_single_attribute(ldap_struct, entry, "gidNumber", temp)) + return False; + + gid = (gid_t)atol(temp); + + // Disabled as this function is not used in 2.2 + //pdb_set_unix_homedir(sampass, homedir); + pdb_set_uid(sampass, uid); + pdb_set_gid(sampass, gid); + + // Kind of Hack, lets use the cache to override the missing local information + + sys_user.pw_name="ffranz"; + sys_user.pw_uid=uid; + sys_user.pw_gid=gid; + sys_user.pw_dir=homedir; + DEBUG(5, ("get_unix_attributes: Hack - Setting cache for homedir\n")); + + //setup_pwret(&sys_user); + sys_setpwnam(&sys_user); + + DEBUG(10, ("get_unix_attributes: user has posixAcccount attributes\n")); + return True; +} + 
+/********************************************************************** Initialize SAM_ACCOUNT from an LDAP query (Based on init_sam_from_buffer in pdb_tdb.c) *********************************************************************/ @@ -506,13 +576,22 @@ /* These values MAY be in LDAP, but they can also be retrieved through * sys_getpw*() which is how we're doing it */ - sys_user = sys_getpwnam(username); - if (sys_user == NULL) { - DEBUG (2,("init_sam_from_ldap: User [%s] does not ave a uid!\n", username)); - return False; + if (!get_unix_attributes(ldap_struct, sampass, entry)) + { + sys_user = sys_getpwnam(username); + if (sys_user == NULL) { + DEBUG (2,("init_sam_from_ldap: User [%s] does not ave a uid!\n", username)); + return False; + } + else + { + pdb_set_uid(sampass, sys_user->pw_uid); + pdb_set_gid(sampass, sys_user->pw_gid); + free(sys_user); + } + } - /* FIXME: hours stuff should be cleaner */ logon_divs = 168; @@ -543,8 +622,6 @@ pdb_set_hours_len(sampass, hours_len); pdb_set_logon_divs(sampass, logon_divs); - pdb_set_uid(sampass, sys_user->pw_uid); - pdb_set_gid(sampass, sys_user->pw_gid); pdb_set_user_rid(sampass, user_rid); pdb_set_group_rid(sampass, group_rid); --- lib/system.c.old 2003-05-01 20:37:30.000000000 +0200 +++ lib/system.c 2003-05-01 19:54:11.000000000 +0200 @@ -744,6 +744,11 @@ endpwent(); } +void sys_setpwnam(struct passwd* sys_user) +{ + setup_pwret(sys_user); +} + /************************************************************************** Wrapper for getpwnam(). Always returns a static that can be modified. ****************************************************************************/
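Review bot: `uid = (uid_t)atol(temp);` and the matching `gid` line in get_unix_attributes accept any `uidNumber`/`gidNumber` string from the directory without an error check, and text that does not parse as a number becomes 0, which is root's ID. Parse both values with `strtoul`, rejecting empty strings, trailing garbage and range errors before `pdb_set_uid`/`pdb_set_gid` are called; whether an ID of 0 coming from LDAP should be accepted at all is a policy decision worth stating in a comment here. Separately, `sys_user` is an uninitialised stack `struct passwd` with a hard-coded `pw_name="ffranz"` and a `pw_dir` that points at the local `homedir` buffer, so what `sys_setpwnam` ends up caching depends on whether `setup_pwret` copies every field, which this patch does not show.

```c
	char *end;
	unsigned long id;

	/* … unchanged: objectClass check, homeDirectory lookup … */

	if (!get_single_attribute(ldap_struct, entry, "uidNumber", temp))
		return False;

	errno = 0;
	id = strtoul(temp, &end, 10);
	if (!isdigit((unsigned char)temp[0]) || *end != '\0' ||
	    errno == ERANGE || (unsigned long)(uid_t)id != id) {
		DEBUG(1, ("get_unix_attributes: invalid uidNumber\n"));
		return False;
	}
	uid = (uid_t)id;

	if (!get_single_attribute(ldap_struct, entry, "gidNumber", temp))
		return False;

	errno = 0;
	id = strtoul(temp, &end, 10);
	if (!isdigit((unsigned char)temp[0]) || *end != '\0' ||
	    errno == ERANGE || (unsigned long)(gid_t)id != id) {
		DEBUG(1, ("get_unix_attributes: invalid gidNumber\n"));
		return False;
	}
	gid = (gid_t)id;
```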
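Review bot: `free(sys_user);` in the new else branch releases the pointer returned by `sys_getpwnam()`, which the lib/system.c comment at the end of this patch describes as "Always returns a static"; freeing storage that did not come from malloc is undefined behaviour and usually corrupts the heap. The line should be dropped, leaving the two `pdb_set_uid`/`pdb_set_gid` calls as the whole branch. In addition, `get_unix_attributes` returns False both when the entry has no posixAccount class and when an attribute lookup fails, so a damaged LDAP entry silently falls back to the local passwd database; a line such as `DEBUG(5, ("init_sam_from_ldap: no usable posixAccount data for [%s], using sys_getpwnam\n", username));` before the fallback would make that visible in the log. init_sam_from_ldap starts and ends outside the hunk.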
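Review bot: `sys_setpwnam` is added to lib/system.c without the banner comment its neighbours carry, and without a prototype visible in this patch, while pdb_ldap.c calls it and declares only `setup_pwret`. It needs a contract because it gives any caller a write path into the passwd entry that later `sys_getpw*()` calls hand out, and here that entry is filled from directory data. I would add a banner along the lines of `Overwrite the cached passwd entry returned by sys_getpwnam(). sys_user must be non-NULL and fully initialised; the caller is responsible for validating uid/gid.` and either check for NULL or say that it is not checked. The return value of `setup_pwret` is discarded; if the project's generated prototype header already covers the new function, only the comment is needed.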
Obiger Patch ermöglicht es, Samba 2.2.3 mit LDAP ohne PAM zu nutzen (und ohne den meiner Meinung nach eher als Hack zu bezeichnenden Weg über adduser-on-the-fly).
configure mit --with-ldap --with-ldap-sam
OHNE: --with-pam
cu
Fabian