From: Rob van der Linde <rob@catalyst.net.nz>
Date: Mon, 4 Mar 2024 23:04:49 +0000 (+1300)
Subject: netcmd: gmsa: create should allow custom SDDL
X-Git-Tag: tdb-1.4.11~1434
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a6e79982c902fffc8dc1b95c56727e60c73cddeb;p=thirdparty%2Fsamba.git

netcmd: gmsa: create should allow custom SDDL

gMSA update already supported it but not create

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
---

diff --git a/python/samba/netcmd/service_account/service_account.py b/python/samba/netcmd/service_account/service_account.py
index ab2abf117b1..4a3f78786d9 100644
--- a/python/samba/netcmd/service_account/service_account.py
+++ b/python/samba/netcmd/service_account/service_account.py
@@ -109,13 +109,17 @@ class cmd_service_account_create(Command):
                dest="name", action="store", type=str, required=True),
         Option("--dns-host-name", help="Name of DNS host (required).",
                dest="dns_host_name", action="store", type=str, required=True),
+        Option("--group-msa-membership",
+               help="Provide optional Group MSA Membership SDDL.",
+               dest="group_msa_membership", action="store", type=str),
         Option("--managed-password-interval",
                help="Managed password refresh interval in days.",
                dest="managed_password_interval", action="store", type=int),
     ]
 
     def run(self, hostopts=None, sambaopts=None, credopts=None, name=None,
-            dns_host_name=None, managed_password_interval=None):
+            dns_host_name=None, group_msa_membership=None,
+            managed_password_interval=None):
 
         ldb = self.ldb_connect(hostopts, sambaopts, credopts)
 
@@ -123,6 +127,7 @@ class cmd_service_account_create(Command):
             name=name,
             managed_password_interval=managed_password_interval,
             dns_host_name=dns_host_name,
+            group_msa_membership=group_msa_membership,
         )
 
         # Create group managed service account.