Bug 1017 - Doesn't provide exactly 1 SID <=> 1 Gid
Summary: Doesn't provide exactly 1 SID <=> 1 Gid
Status: RESOLVED LATER
Alias: None
Product: Samba 3.0
Classification: Unclassified
Component: User/Group Accounts (show other bugs)
Version: 3.0.0
Hardware: All Linux
: P3 major
Target Milestone: none
Assignee: Volker Lendecke
QA Contact:
URL: http://lists.samba.org/archive/samba-...
Keywords:
Depends on:
Blocks: 828 1019
  Show dependency treegraph
 
Reported: 2004-01-30 01:31 UTC by Ganael LAPLANCHE
Modified: 2005-09-27 12:48 UTC (History)
0 users

See Also:

Attachments
Provides additional checks for pdb_ldap when creating/modifying group mapping entries (1.23 KB, patch)
2004-01-30 01:34 UTC, Ganael LAPLANCHE 		no flags Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Ganael LAPLANCHE 2004-01-30 01:31:40 UTC 
1) pdb_ldap allows to map the same SID twice (with two distinct gids) while
creating/modifying a mapping. So we don't have exactly 1 SID <=> 1 GID. It
is impossible to delete such a mapping (mapped twice) after its creation.

2) pdb_ldap.c also allows to use a gid already mapped while modifying a
mapping (there is no check).
Comment 1 Ganael LAPLANCHE 2004-01-30 01:34:08 UTC 
Created attachment 375 [details]
Provides additional checks for pdb_ldap when creating/modifying group mapping entries

ldapsam_add_group_mapping_entry :

Verify if the SID involved in a new mapping is already used in another mapping
to avoid same SID mapped twice to different unix groups.

ldapsam_update_group_mapping_entry :

Verify if a gid specified while modifying an existing mapping is not involved
in
another one.

Also modified error messages to make them easier to understand.
Comment 2 Jim McDonough 2004-03-12 08:49:41 UTC 
Volker, I'll leave this for you to consider.
Comment 3 Gerald (Jerry) Carter (dead mail address) 2004-03-18 07:06:01 UTC 
moving to 3.0
Comment 4 Gerald (Jerry) Carter (dead mail address) 2004-03-18 07:07:54 UTC 
resetting component
Comment 5 Gerald (Jerry) Carter (dead mail address) 2005-09-27 12:48:29 UTC 
later.