Samba 3 to Samba 4 Migration. (myldap-pub.py patch)

Andrew Bartlett abartlet at samba.org
Thu Nov 18 02:59:39 MST 2010 

On Wed, 2010-11-03 at 15:55 +0000, Lukasz Zalewski wrote:
> Hi Metze,
> Thx :)
> On 11/03/2010 03:04 PM, Stefan (metze) Metzmacher wrote:
> > Hi Lukasz,
> >
> > here's my current version of the script (based on your -08 version).
> >
> > - I added the --create_user_principal_name option (disabled by default)
> >    not everybody wants to have that.
> Shall we also add an option flag to the samba-tool newuser cmd as it 
> automatically creates userPrinicpalName - (OTOH this is how Active 
> Directory Users and Computers creates accounts.)
> >
> > - I fixed the 'member' handling for the primary group of a user.
> >
> > - I removed some lines like:
> >      self.insert_organizationalUnit(self.groups.importdn)
> >    where importdn is only the partial dn.
> >
> > - I removed IMPORT_TYPE_TRUSTS from IMPORT_TYPE_ALL for now
> >
> > metze
> 
> Given the recent name changing, maybe this is a good opportunity to 
> change myldap-pub.py to something else (i think we already agreed the 
> current name must go)
> 
> I have noticed that some of the attributes have to explicitly rejected 
> by the user - this seems sensible, but some parameters do have their 
> counterparts in samba4, for example shadowMin, shadowMax, shadowExpire, 
> shadowFlag, shadowWarning, shadowInactive - shall they be white listed 
> (such that they do not trigger keep != remove assertion) or do you want 
> them to be explicitly rejected?
> 
> Also, python 2.4 does not handle getpass password prompt well when 
> redirecting to stdout (2.6 is fine). Do you know of any 
> workarounds/solutions for this?
> 
> attached is same script with small typo corrected (was 
> --create_user_prinical_name instead of --create_user_principal_name)

I would like to propose that we include this in the tree, in
scripting/devel until we can modify it to be a subcommand of samba-tool.

This script should not sit outside version control for this long, as
folks are starting to use it.

To do that, we do need to clean it up a little.  For example, import the
constants like ACB_ etc from samba.dcerpc.samr, and the others from
samba.dsdb. 

I would also like the dump() function removed (particularly given it is
copied in, and just used in commented out code). 

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Cisco Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 190 bytes
Desc: This is a digitally signed message part
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20101118/33b5d1e8/attachment.pgp>

More information about the samba-technical mailing list