Implement abartlet's suggestion to add attribs to ldap if they

are 'SET' when adding the account.

I really don't like passing flags down to inner routines and
complicated if/else conditions, but this time he might be right. ;-)

Volker

source/passdb/pdb_ldap.c

@@ -1273,6 +1273,11 @@ static BOOL init_sam_from_ldap (struct ldapsam_privates *ldap_state,
 	return True;
 }
 
+/**********************************************************************
+  An LDAP modification is needed in two cases:
+  * If we are updating the record AND the attribute is CHANGED.
+  * If we are adding   the record AND it is SET or CHANGED (ie not default)
+*********************************************************************/
 static BOOL need_ldap_mod(BOOL pdb_add, const SAM_ACCOUNT * sampass, enum pdb_elements element) {
 	if (pdb_add) {
 		return (!IS_SAM_DEFAULT(sampass, element));
@@ -1287,13 +1292,13 @@ static BOOL need_ldap_mod(BOOL pdb_add, const SAM_ACCOUNT * sampass, enum pdb_el
 *********************************************************************/
 static void make_ldap_mod(LDAP *ldap_struct, LDAPMessage *existing,
 			  LDAPMod ***mods,
-			  const SAM_ACCOUNT *sampass,
+			  const SAM_ACCOUNT *sampass, BOOL pdb_add,
 			  enum pdb_elements element,
 			  const char *attribute, const char *newval)
 {
 	char **values = NULL;
 
-	if (!IS_SAM_CHANGED(sampass, element)) {
+	if (!need_ldap_mod(pdb_add, sampass, element)) {
 		return;
 	}
 
@@ -1342,7 +1347,8 @@ Initialize SAM_ACCOUNT from an LDAP query
 *********************************************************************/
 static BOOL init_ldap_from_sam (struct ldapsam_privates *ldap_state, 
 				LDAPMessage *existing,
-				LDAPMod *** mods, const SAM_ACCOUNT * sampass)
+				LDAPMod *** mods, const SAM_ACCOUNT * sampass,
+				BOOL pdb_add)
 {
 	pstring temp;
 	uint32 rid;
@@ -1358,7 +1364,7 @@ static BOOL init_ldap_from_sam (struct ldapsam_privates *ldap_state,
 	 * took out adding "objectclass: sambaAccount"
 	 * do this on a per-mod basis
 	 */
-	make_ldap_mod(ldap_state->ldap_struct, existing, mods, sampass,
+	make_ldap_mod(ldap_state->ldap_struct, existing, mods, sampass, pdb_add,
 		      PDB_USERNAME, "uid", pdb_get_username(sampass));
 	DEBUG(2, ("Setting entry for user: %s\n", pdb_get_username(sampass)));
 
@@ -1386,7 +1392,7 @@ static BOOL init_ldap_from_sam (struct ldapsam_privates *ldap_state,
 	}
 
 	slprintf(temp, sizeof(temp) - 1, "%i", rid);
-	make_ldap_mod(ldap_state->ldap_struct, existing, mods, sampass,
+	make_ldap_mod(ldap_state->ldap_struct, existing, mods, sampass, pdb_add,
 		      PDB_USERSID, "rid", temp);
 
 
@@ -1406,7 +1412,7 @@ static BOOL init_ldap_from_sam (struct ldapsam_privates *ldap_state,
 	}
 
 	slprintf(temp, sizeof(temp) - 1, "%i", rid);
-	make_ldap_mod(ldap_state->ldap_struct, existing, mods, sampass,
+	make_ldap_mod(ldap_state->ldap_struct, existing, mods, sampass, pdb_add,
 		      PDB_GROUPSID, "primaryGroupID", temp);
 
 	/* displayName, cn, and gecos should all be the same
@@ -1417,55 +1423,55 @@ static BOOL init_ldap_from_sam (struct ldapsam_privates *ldap_state,
 	 *  it does not exist.
 	 */
 
-	make_ldap_mod(ldap_state->ldap_struct, existing, mods, sampass,
+	make_ldap_mod(ldap_state->ldap_struct, existing, mods, sampass, pdb_add,
 		      PDB_FULLNAME, "displayName",
 		      pdb_get_fullname(sampass));
 
-	make_ldap_mod(ldap_state->ldap_struct, existing, mods, sampass,
+	make_ldap_mod(ldap_state->ldap_struct, existing, mods, sampass, pdb_add,
 		      PDB_ACCTDESC, "description",
 		      pdb_get_acct_desc(sampass));
 
-	make_ldap_mod(ldap_state->ldap_struct, existing, mods, sampass,
+	make_ldap_mod(ldap_state->ldap_struct, existing, mods, sampass, pdb_add,
 		      PDB_WORKSTATIONS, "userWorkstations",
 		      pdb_get_workstations(sampass));
 
-	make_ldap_mod(ldap_state->ldap_struct, existing, mods, sampass,
+	make_ldap_mod(ldap_state->ldap_struct, existing, mods, sampass, pdb_add,
 		      PDB_SMBHOME, "smbHome",
 		      pdb_get_homedir(sampass));
 			
-	make_ldap_mod(ldap_state->ldap_struct, existing, mods, sampass,
+	make_ldap_mod(ldap_state->ldap_struct, existing, mods, sampass, pdb_add,
 		      PDB_DRIVE, "homeDrive",
 		      pdb_get_dir_drive(sampass));
 
-	make_ldap_mod(ldap_state->ldap_struct, existing, mods, sampass,
+	make_ldap_mod(ldap_state->ldap_struct, existing, mods, sampass, pdb_add,
 		      PDB_LOGONSCRIPT, "scriptPath",
 		      pdb_get_logon_script(sampass));
 
-	make_ldap_mod(ldap_state->ldap_struct, existing, mods, sampass,
+	make_ldap_mod(ldap_state->ldap_struct, existing, mods, sampass, pdb_add,
 		      PDB_PROFILE, "profilePath",
 		      pdb_get_profile_path(sampass));
 
 	slprintf(temp, sizeof(temp) - 1, "%li", pdb_get_logon_time(sampass));
-	make_ldap_mod(ldap_state->ldap_struct, existing, mods, sampass,
+	make_ldap_mod(ldap_state->ldap_struct, existing, mods, sampass, pdb_add,
 		      PDB_LOGONTIME, "logonTime", temp);
 
 	slprintf(temp, sizeof(temp) - 1, "%li", pdb_get_logoff_time(sampass));
-	make_ldap_mod(ldap_state->ldap_struct, existing, mods, sampass,
+	make_ldap_mod(ldap_state->ldap_struct, existing, mods, sampass, pdb_add,
 		      PDB_LOGOFFTIME, "logoffTime", temp);
 
 	slprintf (temp, sizeof (temp) - 1, "%li",
 		  pdb_get_kickoff_time(sampass));
-	make_ldap_mod(ldap_state->ldap_struct, existing, mods, sampass,
+	make_ldap_mod(ldap_state->ldap_struct, existing, mods, sampass, pdb_add,
 		      PDB_KICKOFFTIME, "kickoffTime", temp);
 
 	slprintf (temp, sizeof (temp) - 1, "%li",
 		  pdb_get_pass_can_change_time(sampass));
-	make_ldap_mod(ldap_state->ldap_struct, existing, mods, sampass,
+	make_ldap_mod(ldap_state->ldap_struct, existing, mods, sampass, pdb_add,
 		      PDB_CANCHANGETIME, "pwdCanChange", temp);
 
 	slprintf (temp, sizeof (temp) - 1, "%li",
 		  pdb_get_pass_must_change_time(sampass));
-	make_ldap_mod(ldap_state->ldap_struct, existing, mods, sampass,
+	make_ldap_mod(ldap_state->ldap_struct, existing, mods, sampass, pdb_add,
 		      PDB_MUSTCHANGETIME, "pwdMustChange", temp);
 
 	if ((pdb_get_acct_ctrl(sampass)&(ACB_WSTRUST|ACB_SVRTRUST|ACB_DOMTRUST))||
@@ -1473,22 +1479,22 @@ static BOOL init_ldap_from_sam (struct ldapsam_privates *ldap_state,
 
 		pdb_sethexpwd (temp, pdb_get_lanman_passwd(sampass),
 			       pdb_get_acct_ctrl(sampass));
-		make_ldap_mod(ldap_state->ldap_struct, existing, mods, sampass,
+		make_ldap_mod(ldap_state->ldap_struct, existing, mods, sampass, pdb_add,
 			      PDB_LMPASSWD, "lmPassword", temp);
 
 		pdb_sethexpwd (temp, pdb_get_nt_passwd(sampass),
 			       pdb_get_acct_ctrl(sampass));
-		make_ldap_mod(ldap_state->ldap_struct, existing, mods, sampass,
+		make_ldap_mod(ldap_state->ldap_struct, existing, mods, sampass, pdb_add,
 			      PDB_NTPASSWD, "ntPassword", temp);
 
 		slprintf (temp, sizeof (temp) - 1, "%li",
 			  pdb_get_pass_last_set_time(sampass));
-		make_ldap_mod(ldap_state->ldap_struct, existing, mods, sampass,
+		make_ldap_mod(ldap_state->ldap_struct, existing, mods, sampass, pdb_add,
 			      PDB_PASSLASTSET, "pwdLastSet", temp);
 	}
 
 	/* FIXME: Hours stuff goes in LDAP  */
-	make_ldap_mod(ldap_state->ldap_struct, existing, mods, sampass,
+	make_ldap_mod(ldap_state->ldap_struct, existing, mods, sampass, pdb_add,
 		      PDB_ACCTCTRL, "acctFlags",
 		      pdb_encode_acct_ctrl (pdb_get_acct_ctrl(sampass),
 					    NEW_PW_FORMAT_SPACE_PADDED_LEN));
@@ -1961,7 +1967,7 @@ static NTSTATUS ldapsam_update_sam_account(struct pdb_methods *my_methods, SAM_A
 	entry = ldap_first_entry(ldap_state->ldap_struct, result);
 	dn = ldap_get_dn(ldap_state->ldap_struct, entry);
 
-	if (!init_ldap_from_sam(ldap_state, entry, &mods, newpwd)) {
+	if (!init_ldap_from_sam(ldap_state, entry, &mods, newpwd, False)) {
 		DEBUG(0, ("ldapsam_update_sam_account: init_ldap_from_sam failed!\n"));
 		ldap_msgfree(result);
 		return NT_STATUS_UNSUCCESSFUL;
@@ -2060,7 +2066,7 @@ static NTSTATUS ldapsam_add_sam_account(struct pdb_methods *my_methods, SAM_ACCO
                 }
 	}
 
-	if (!init_ldap_from_sam(ldap_state, entry, &mods, newpwd)) {
+	if (!init_ldap_from_sam(ldap_state, entry, &mods, newpwd, True)) {
 		DEBUG(0, ("ldapsam_add_sam_account: init_ldap_from_sam failed!\n"));
 		ldap_msgfree(result);
 		ldap_mods_free(mods, 1);

source/utils/pdbedit.c

@@ -69,12 +69,6 @@ static int export_database (struct pdb_context *in, struct pdb_context *out) {
 	}
 
 	while (NT_STATUS_IS_OK(in->pdb_getsampwent(in, user))) {
-		int i;
-
-		for (i=0; i<PDB_COUNT; i++) {
-			pdb_set_init_flags(user, i, PDB_CHANGED);
-		}
-
 		out->pdb_add_sam_account(out, user);
 		if (!NT_STATUS_IS_OK(pdb_reset_sam(user))){
 			fprintf(stderr, "Can't reset SAM_ACCOUNT!\n");