Bug 452 - ldap backend groupmap add fails works with tdb
Summary: ldap backend groupmap add fails works with tdb
Status: CLOSED FIXED
Alias: None
Product: Samba 3.0
Classification: Unclassified
Component: User/Group Accounts (show other bugs)
Version: 3.0.0
Hardware: All Linux
: P3 major
Target Milestone: none
Assignee: Gerald (Jerry) Carter (dead mail address)
QA Contact:
URL:
Keywords:
Depends on:
Blocks: 807
  Show dependency treegraph
 
Reported: 2003-09-14 02:14 UTC by Godfrey Livingstone
Modified: 2005-11-14 09:26 UTC (History)
0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Godfrey Livingstone 2003-09-14 02:14:20 UTC 
When trying to add a groupmap entry for a unix group that already has a
groupmap entry I get the following
error "ldapsam_add_group_mapping_entry: Group 3 already exists in LDAP"

I can reproduce this with rc1 to rc4

It does not happen if use tdb backend, is ldap backend supposed to be
different?

I am running mandrake samba3 packages thus net3 instead of net.

John H Terpstra in an email to samba list said *

"You can not have more than one NT Domain Group per UNIX Group.
But you can have more than on NT Local Group per UNIX group.

Try:

net groupmap add ntgroup="Flying Pigs" unixgroup=sys type=l"

see http://lists.samba.org/pipermail/samba/2003-September/000074.html

so I assume ldap behaviour is wrong.
Commands entered below

[root@server01 samba3]# net3 groupmap list
Administrators (S-1-5-21-1617713866-2789119093-1479812082-512) -> root
Backup Operators (S-1-5-32-551) -> bin
Replicators (S-1-5-21-1617713866-2789119093-1479812082-1005) -> daemon
Power Users (S-1-5-32-547) -> sys
Print Operators (S-1-5-32-550) -> lp
Domain Admins (S-1-5-21-1617713866-2789119093-1479812082-21003) -> ntadmin
Staff (S-1-5-21-1617713866-2789119093-1479812082-22001) -> staff
Accounts (S-1-5-21-1617713866-2789119093-1479812082-22005) -> accounts
Family (S-1-5-21-1617713866-2789119093-1479812082-22007) -> family
Domain Guests (S-1-5-21-1617713866-2789119093-1479812082-514) -> nogroup
[root@server01 extract]# net3 groupmap add ntgroup=test unixgroup=sys
type=l rid=23000
[2003/09/14 20:14:36, 0]
passdb/pdb_ldap.c:ldapsam_add_group_mapping_entry(1866)
ldapsam_add_group_mapping_entry: Group 3 already exists in LDAP
adding entry for group test failed!

The code in passdb/pdb_ldap.c is I would guess supossed to give this
error but it is not consistent with tdb backend.
Comment 1 Gerald (Jerry) Carter (dead mail address) 2004-01-07 11:28:11 UTC 

*** This bug has been marked as a duplicate of 905 ***
Comment 2 Gerald (Jerry) Carter (dead mail address) 2004-01-07 11:28:56 UTC 
should not have been closed.  It was an accident.
Comment 3 Gerald (Jerry) Carter (dead mail address) 2004-02-10 15:20:26 UTC 
"It does not happen if use tdb backend, is ldap backend supposed 
 to be different?"

Yes.  LDAP is different.  entries can be replaced with no 
trouble in a tdb while the code to add an entry to LDAP 
is different than the code to modify an entry.

I look into changing the tdb behavior.
Comment 4 Gerald (Jerry) Carter (dead mail address) 2004-02-10 19:17:51 UTC 
just checked the current 3.0 code and both tdb and ldap work 
in the same fashion.
Comment 5 Gerald (Jerry) Carter (dead mail address) 2005-08-24 10:22:28 UTC 
sorry for the same, cleaning up the database to prevent unecessary reopens of bugs.
Comment 6 Gerald (Jerry) Carter (dead mail address) 2005-11-14 09:26:25 UTC 
database cleanup