From e97ae4650220bcd3062f31c7ba4ad1920525c0d1 Mon Sep 17 00:00:00 2001
From: Marc Muehlfeld <mmuehlfeld@samba.org>
Date: Sat, 18 Oct 2014 00:34:35 +0200
Subject: [PATCH] samba-tool group add: Add option --nis-domain and --gid

This allows creating RFC2307 enabled groups via samba-tool

Signed-off-by: Marc Muehlfeld <mmuehlfeld@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>

Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Thu Oct 23 18:19:35 CEST 2014 on sn-devel-104

(cherry picked from commit 4bec1867987845fc40e9a17a283d2affc36e0dc5)
---
 python/samba/netcmd/group.py | 15 +++++++++++++--
 python/samba/samdb.py        | 13 ++++++++++++-
 2 files changed, 25 insertions(+), 3 deletions(-)

diff --git a/python/samba/netcmd/group.py b/python/samba/netcmd/group.py
index 1a24e5f..4b5fd27 100644
--- a/python/samba/netcmd/group.py
+++ b/python/samba/netcmd/group.py
@@ -70,6 +70,11 @@ Example2:
 sudo samba-tool group add Group2 --group-type=Distribution
 
 Example2 adds a new distribution group to the local server.  The command is run under root using the sudo command.
+
+Example3:
+samba-tool group add Group3 --nis-domain=samdom --gid=12345
+
+Example3 adds a new RFC2307 enabled group for NIS domain samdom and GID 12345 (both options are required to enable this feature).
 """
 
     synopsis = "%prog <groupname> [options]"
@@ -93,19 +98,24 @@ Example2 adds a new distribution group to the local server.  The command is run
         Option("--description", help="Group's description", type=str),
         Option("--mail-address", help="Group's email address", type=str),
         Option("--notes", help="Groups's notes", type=str),
+        Option("--gid-number", help="Group's Unix/RFC2307 GID number", type=int),
+        Option("--nis-domain", help="SFU30 NIS Domain", type=str),
     ]
 
     takes_args = ["groupname"]
 
     def run(self, groupname, credopts=None, sambaopts=None,
             versionopts=None, H=None, groupou=None, group_scope=None,
-            group_type=None, description=None, mail_address=None, notes=None):
+            group_type=None, description=None, mail_address=None, notes=None, gid_number=None, nis_domain=None):
 
         if (group_type or "Security") == "Security":
             gtype = security_group.get(group_scope, GTYPE_SECURITY_GLOBAL_GROUP)
         else:
             gtype = distribution_group.get(group_scope, GTYPE_DISTRIBUTION_GLOBAL_GROUP)
 
+        if (gid_number is None and nis_domain is not None) or (gid_number is not None and nis_domain is None):
+            raise CommandError('Both --gid-number and --nis-domain have to be set for a RFC2307-enabled group. Operation cancelled.')
+
         lp = sambaopts.get_loadparm()
         creds = credopts.get_credentials(lp, fallback_machine=True)
 
@@ -113,7 +123,8 @@ Example2 adds a new distribution group to the local server.  The command is run
             samdb = SamDB(url=H, session_info=system_session(),
                           credentials=creds, lp=lp)
             samdb.newgroup(groupname, groupou=groupou, grouptype = gtype,
-                          description=description, mailaddress=mail_address, notes=notes)
+                          description=description, mailaddress=mail_address, notes=notes,
+                          gidnumber=gid_number, nisdomain=nis_domain)
         except Exception, e:
             # FIXME: catch more specific exception
             raise CommandError('Failed to create group "%s"' % groupname, e)
diff --git a/python/samba/samdb.py b/python/samba/samdb.py
index 2dfc839..e68519f 100644
--- a/python/samba/samdb.py
+++ b/python/samba/samdb.py
@@ -169,7 +169,8 @@ pwdLastSet: 0
         self.modify_ldif(mod)
 
     def newgroup(self, groupname, groupou=None, grouptype=None,
-                 description=None, mailaddress=None, notes=None, sd=None):
+                 description=None, mailaddress=None, notes=None, sd=None,
+                 gidnumber=None, nisdomain=None):
         """Adds a new group with additional parameters
 
         :param groupname: Name of the new group
@@ -177,6 +178,8 @@ pwdLastSet: 0
         :param description: Description of the new group
         :param mailaddress: Email address of the new group
         :param notes: Notes of the new group
+        :param gidnumber: GID Number of the new group
+        :param nisdomain: NIS Domain Name of the new group
         :param sd: security descriptor of the object
         """
 
@@ -188,6 +191,8 @@ pwdLastSet: 0
             "sAMAccountName": groupname,
             "objectClass": "group"}
 
+        ldbmessage["msSFU30Name"] = groupname
+
         if grouptype is not None:
             ldbmessage["groupType"] = normalise_int32(grouptype)
 
@@ -200,6 +205,12 @@ pwdLastSet: 0
         if notes is not None:
             ldbmessage["info"] = notes
 
+        if gidnumber is not None:
+            ldbmessage["gidNumber"] = normalise_int32(gidnumber)
+
+        if nisdomain is not None:
+            ldbmessage["msSFU30NisDomain"] = nisdomain
+
         if sd is not None:
             ldbmessage["nTSecurityDescriptor"] = ndr_pack(sd)
 
-- 
1.9.3