Samba4 patch for manipulating Unix attributes via ADUC

Andrew Bartlett abartlet at
Wed Jul 11 19:02:23 MDT 2012

On Wed, 2012-07-11 at 23:55 +0200, Gémes Géza wrote:
> Hi,
> The attached patch makes it possible to provision in a way 
> (--fake-ypserver=yes) that allows manipulating the Unix attributes of 
> users/groups via ADUC.
> It does that by provisioning as if it would be used by the MS NIS server.
> Please review the attached patch.
> Cheers
> Geza
> P.S. I've started working on a patch which (based on this one) would 
> allow to keep all the Unix attributes when doing a classicupgrade.


Let me know if I can help.  

My suggestion is to extract the ldap password from the secrets.tdb and
then use it and the bind dn to connect to the ldap server using ldb.
Then you should be able to modify the AD user by setting values on the
user, as found by SID (eg <SID=S-1-2-3>) like the current 'import uid
and gid mappings into AD' code does.

Naturally, this would be conditional on us connecting to an LDAP passdb
backend (unless you just want to do it based on getpwnam()).


Andrew Bartlett

Andrew Bartlett                      
Authentication Developer, Samba Team 

More information about the samba-technical mailing list