From e3099ac4072668b208529f1c253c308bb82dac5b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bj=C3=B6rn=20Baumbach?= Date: Fri, 9 Aug 2019 16:26:58 +0200 Subject: [PATCH] python/samdb: add more object types for adding/remove group members MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The filters are based on the MS Windows filter, which are used by the basic group member management dialog. Signed-off-by: Björn Baumbach Reviewed-by: Ralph Boehme --- python/samba/samdb.py | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/python/samba/samdb.py b/python/samba/samdb.py index 1090383f526..6d716b07c29 100644 --- a/python/samba/samdb.py +++ b/python/samba/samdb.py @@ -260,6 +260,27 @@ pwdLastSet: 0 if 'group' in member_types: filter += ('(&(sAMAccountName=%s)(objectclass=group))' % ldb.binary_encode(member)) + if 'computer' in member_types: + samaccountname = member + if member[-1] != '$': + samaccountname = "%s$" % member + filter += ('(&(samAccountType=%d)' + '(!(objectCategory=msDS-ManagedServiceAccount))' + '(sAMAccountName=%s))' % + (dsdb.ATYPE_WORKSTATION_TRUST, + ldb.binary_encode(samaccountname))) + if 'serviceaccount' in member_types: + samaccountname = member + if member[-1] != '$': + samaccountname = "%s$" % member + filter += ('(&(samAccountType=%d)' + '(objectCategory=msDS-ManagedServiceAccount)' + '(sAMAccountName=%s))' % + (dsdb.ATYPE_WORKSTATION_TRUST, + ldb.binary_encode(samaccountname))) + if 'contact' in member_types: + filter += ('(&(objectCategory=Person)(!(objectSid=*))(name=%s))' % + ldb.binary_encode(member)) filter = "(|%s)" % filter