Bug 9933 – "net rpc group addmem/delmem" ignores the "managedBy" group attribute

Bug 9933 - "net rpc group addmem/delmem" ignores the "managedBy" group attribute


Summary:	"net rpc group addmem/delmem" ignores the "managedBy" group attribute

Status:	NEW

Product:	Samba 3.6
Classification:	Unclassified
Component:	Client Tools
Version:	3.6.6
Hardware:	All All

Importance:	P5 normal
Target Milestone:	---
Assigned To:	Volker Lendecke
QA Contact:	Samba QA Contact

URL:
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2013-06-06 01:54 UTC by Abraham Alawi
Modified:	2013-06-06 06:46 UTC (History)
CC List:	1 user (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Abraham Alawi 2013-06-06 01:54:35 UTC

"net rpc group addmem/delmem" ignores the "managedBy" group attribute. 

Typically, the AD ACL group has the following attributes:
cn
description
distinguishedName
dSCorePropagationData
gidNumber
groupType
info
instanceType
managedBy
member
name
objectCategory
objectClass
objectGUID
objectSid
sAMAccountName
sAMAccountType
uSNChanged
uSNCreated
whenChanged
whenCreated

The “managedBy“ attribute refers to another ACL group that can manage this group (i.e. add/remove users). It looks like "net rpc group addmem/delmem" only makes an LDAP modify request to the AD, so unless you have LDAP write access (e.g. Domain Admin) you won’t be able to modify the group. In other words, it ignores the special “managedBy” attribute. 

Thanks,

  -- Abraham