Bug 9933 - "net rpc group addmem/delmem" ignores the "managedBy" group attribute
Status: NEW
Product: Samba 3.6
Classification: Unclassified
Component: Client Tools
Version: 3.6.6
Hardware: All All
Importance: P5 normal
Target Milestone: ---
Assigned To: Volker Lendecke
QA Contact: Samba QA Contact
 
Reported: 2013-06-06 01:54 UTC by Abraham Alawi
Modified: 2013-06-06 06:46 UTC (History)

Description Abraham Alawi 2013-06-06 01:54:35 UTC
"net rpc group addmem/delmem" ignores the "managedBy" group attribute. 

Typically, the AD ACL group has the following attributes:
cn
description
distinguishedName
dSCorePropagationData
gidNumber
groupType
info
instanceType
managedBy
member
name
objectCategory
objectClass
objectGUID
objectSid
sAMAccountName
sAMAccountType
uSNChanged
uSNCreated
whenChanged
whenCreated

The “managedBy” attribute refers to another ACL group that can manage this group (i.e. add/remove users). It looks like "net rpc group addmem/delmem" only makes an LDAP modify request to the AD, so unless you have LDAP write access (e.g. Domain Admin) you won’t be able to modify the group. In other words, it ignores the special “managedBy” attribute.

Thanks,

  -- Abraham
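
An added example (not part of the bug report and not Samba code): a Python audit over an LDIF export that lists, for each group setting managedBy, the principals named as its managers, with nested groups resolved. The sample LDIF, the DNs and the function names are constructed for illustration; the script reads only managedBy and member, not the group's ACL, so it shows who is named as manager rather than who holds write access.

```python
# Added example; the LDIF below is constructed and every name is hypothetical.
SAMPLE_LDIF = """\
dn: CN=acl-projx,OU=Groups,DC=example,DC=com
managedBy: CN=acl-projx-mgr,OU=Groups,DC=example,DC=com
member: CN=carol,OU=People,DC=example,DC=com

dn: CN=acl-projx-mgr,OU=Groups,DC=example,DC=com
member: CN=alice,OU=People,DC=example,DC=com
member: CN=team-leads,OU=Groups,DC=example,DC=com

dn: CN=team-leads,OU=Groups,DC=example,DC=com
member: cn=bob,ou=People,dc=example,dc=com
"""

def norm(dn):
    # Simplified DN comparison: case-insensitive, no escaped-comma handling.
    return ",".join(part.strip().lower() for part in dn.split(","))

def parse_ldif(text):
    """Return {normalized dn: {lowercased attr: [values]}} for plain 'attr: value' records."""
    entries = {}
    for block in text.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            name, _, value = line.partition(": ")
            attrs.setdefault(name.lower(), []).append(value.strip())
        entries[norm(attrs["dn"][0])] = attrs
    return entries

def effective_members(entries, group_dn, seen=None):
    """Expand 'member' recursively; nested groups are followed, cycles visited once."""
    seen = set() if seen is None else seen
    found = set()
    for member in map(norm, entries.get(norm(group_dn), {}).get("member", [])):
        if member in seen:
            continue
        seen.add(member)
        if member in entries:          # nested group present in the export
            found |= effective_members(entries, member, seen)
        else:                          # user, or a group outside the export
            found.add(member)
    return found

def delegated_managers(entries):
    """Map each group that sets managedBy to the principals it names, nesting resolved."""
    result = {}
    for dn, attrs in entries.items():
        for manager in attrs.get("managedby", []):
            # A managedBy that is a user (or an empty group) is reported as itself.
            result[dn] = effective_members(entries, manager) or {norm(manager)}
    return result
```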