From 779a3cc1f6fb5e113eb9fb6d41495adcd516020e Mon Sep 17 00:00:00 2001
From: awalker
Date: Fri, 22 Feb 2019 06:55:38 -0500
Subject: [PATCH] Fix regression with user/group validation in AD environments
---
 gui/common/freenasldap.py | 32 ++++++++++++++++++++++++++++----
 1 file changed, 28 insertions(+), 4 deletions(-)
diff --git a/gui/common/freenasldap.py b/gui/common/freenasldap.py
index 49a7d7db35fd..39bf532b95db 100755
--- a/gui/common/freenasldap.py
+++ b/gui/common/freenasldap.py
@@ -3109,10 +3109,32 @@ def __get_group(self, group, netbiosname):
 self.basedn = self.get_baseDN()
 self.attributes = ['sAMAccountName']
- # Redmine 63414
+ # Redmine 63414 and 76000
+ """
+ "use default domain = False":
+ Local Domain External Domain
+ GROUP DOMAIN\GROUP TRUSTED\GROUP
+
+ "use default domain = True":
+ GROUP GROUP TRUSTED\GROUP
+
+ @param(in) GROUP:
+ @param(in) netbiosname:
+
+ If the domain is a trusted domain, the sAMAccountName for
+ the group cannot be obtained through an LDAP query. Reconstruct
+ the groupname as originally received (\) prior to
+ grp.getgrnam(). Determine whether this is trusted domain
+ by comparing with the value of "workgroup" in cifs_srv_workgroup.
+ This value (workgroup) is automatically detected and set when the
+ server initially joins an AD domain.
+ """
+
 external_domain = False
 if netbiosname:
- joined_domain = self.basedn.split(',')[0].strip('DC=').upper()
+ with client as c:
+ smb = c.call('smb.config')
+ joined_domain = smb['workgroup'].upper()
 group_domain = netbiosname.upper()
 if joined_domain != group_domain:
 external_domain = True
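Review bot: The added `joined_domain = smb['workgroup'].upper()` has no handling for a failed `smb.config` call or an unset `workgroup`, and the same three added lines recur in the `__get_user` hunk. This value now decides whether a name is treated as belonging to a trusted domain, so an empty or missing value should leave `external_domain` False rather than raise or mark every name external: `joined_domain = (smb.get('workgroup') or '').upper()` with `if joined_domain and joined_domain != group_domain:` (assuming `smb` is a dict). Whether a caller catches exceptions from the middleware call is not visible, because `__get_group` starts and ends outside the hunk. Separately, the explanatory block is a bare string statement in the function body rather than a comment, and `DOMAIN\GROUP` in a non-raw string is an invalid escape sequence (`\G`) that Python warns about; `#` comments or an `r"""` prefix avoid that.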
@@ -3326,10 +3348,12 @@ def __get_user(self, user, netbiosname):
 self.basedn = self.get_baseDN()
 self.attributes = ['sAMAccountName']
- # Redmine 63414
+ # Redmine 63414 and 76000
 external_domain = False
 if netbiosname:
- joined_domain = self.basedn.split(',')[0].strip('DC=').upper()
+ with client as c:
+ smb = c.call('smb.config')
+ joined_domain = smb['workgroup'].upper()
 group_domain = netbiosname.upper()
 if joined_domain != group_domain:
 external_domain = True
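Review bot: The user path is left with only `# Redmine 63414 and 76000` as documentation, so a reader of `__get_user` has no statement of why the SMB workgroup is consulted here. A one-line comment above `external_domain = False` would cover it, for example `# Same trusted-domain check as __get_group: compare netbiosname with the smb.config workgroup.` The context line `group_domain = netbiosname.upper()` also keeps a group-oriented name in the user function; `user_domain` would read more clearly. `__get_user` starts and ends outside the hunk.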