Bug 1017 - Doesn't provide exactly 1 SID <=> 1 Gid
Status: RESOLVED LATER
Alias: None
Product: Samba 3.0
Classification: Unclassified
Component: User/Group Accounts
Version: 3.0.0
Hardware: All Linux
Importance: P3 major
Target Milestone: none
Assignee: Volker Lendecke
QA Contact:
URL: http://lists.samba.org/archive/samba-...
Keywords:
Depends on:
Blocks: 828 1019
Reported: 2004-01-30 01:31 UTC by Ganael LAPLANCHE
Modified: 2005-09-27 12:48 UTC (History)
Attachments
Provides additional checks for pdb_ldap when creating/modifying group mapping entries (1.23 KB, patch)
2004-01-30 01:34 UTC, Ganael LAPLANCHE

Description Ganael LAPLANCHE 2004-01-30 01:31:40 UTC
1) pdb_ldap allows mapping the same SID twice (with two distinct gids) while
creating/modifying a mapping. So we don't have exactly 1 SID <=> 1 GID. It
is impossible to delete such a mapping (mapped twice) after its creation.

2) pdb_ldap.c also allows using a gid that is already mapped while modifying a
mapping (there is no check).
Comment 1 Ganael LAPLANCHE 2004-01-30 01:34:08 UTC
Created attachment 375
Provides additional checks for pdb_ldap when creating/modifying group mapping entries

ldapsam_add_group_mapping_entry :

Verify if the SID involved in a new mapping is already used in another mapping
to avoid same SID mapped twice to different unix groups.

ldapsam_update_group_mapping_entry :

Verify if a gid specified while modifying an existing mapping is not involved
in another one.

Also modified error messages to make them easier to understand.
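
The two checks described in this comment, as an added example that is not part of the bug report, the attachment or Samba's code. It assumes a hypothetical in-memory table in place of the LDAP store, constructed SIDs and gids, and made-up function names and return codes; it also applies the gid check on add, which goes beyond what the comment lists for that function.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical in-memory stand-in for the LDAP group-mapping store. */
#define MAX_MAPS 16
struct group_map { char sid[64]; unsigned gid; };
static struct group_map maps[MAX_MAPS];
static int n_maps;

void reset_mappings(void) { n_maps = 0; }

/* Index of the entry holding this SID, or -1 if none. */
static int find_by_sid(const char *sid) {
    for (int i = 0; i < n_maps; i++)
        if (strcmp(maps[i].sid, sid) == 0) return i;
    return -1;
}

/* Index of the entry holding this gid, or -1 if none. */
static int find_by_gid(unsigned gid) {
    for (int i = 0; i < n_maps; i++)
        if (maps[i].gid == gid) return i;
    return -1;
}

/* Add: refuse when the SID or the gid already appears in a mapping. */
int add_mapping(const char *sid, unsigned gid) {
    if (n_maps == MAX_MAPS || strlen(sid) >= sizeof maps[0].sid) return -1;
    if (find_by_sid(sid) != -1) return -2;   /* SID would be mapped twice */
    if (find_by_gid(gid) != -1) return -3;   /* gid would be mapped twice */
    strcpy(maps[n_maps].sid, sid);
    maps[n_maps++].gid = gid;
    return 0;
}

/* Update: the new gid may be held only by the entry being modified. */
int update_mapping(const char *sid, unsigned new_gid) {
    int self = find_by_sid(sid);
    if (self == -1) return -1;               /* no mapping to modify */
    int owner = find_by_gid(new_gid);
    if (owner != -1 && owner != self) return -3;
    maps[self].gid = new_gid;
    return 0;
}

int main(void) {
    /* Constructed sample values. */
    printf("add:    %d\n", add_mapping("S-1-5-21-1-2-3-512", 1000));
    printf("re-add: %d\n", add_mapping("S-1-5-21-1-2-3-512", 1001));
    return 0;
}
```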
Comment 2 Jim McDonough 2004-03-12 08:49:41 UTC
Volker, I'll leave this for you to consider.
Comment 3 Gerald (Jerry) Carter (dead mail address) 2004-03-18 07:06:01 UTC
moving to 3.0
Comment 4 Gerald (Jerry) Carter (dead mail address) 2004-03-18 07:07:54 UTC
resetting component
Comment 5 Gerald (Jerry) Carter (dead mail address) 2005-09-27 12:48:29 UTC
later.