Samba4 patch for manipulating Unix attributes via ADUC

Gémes Géza geza at kzsdabas.hu
Wed Jul 11 23:36:46 MDT 2012


On 2012-07-12 03:02, Andrew Bartlett wrote:
> On Wed, 2012-07-11 at 23:55 +0200, Gémes Géza wrote:
>> Hi,
>>
>> The attached patch makes it possible to provision in a way
>> (--fake-ypserver=yes) that allows manipulating the Unix attributes of
>> users/groups via ADUC.
>> It does that by provisioning as if it would be used by the MS NIS server.
>>
>> Please review the attached patch.
>>
>> Cheers
>>
>> Geza
>>
>> P.S. I've started working on a patch which (based on this one) would
>> allow keeping all the Unix attributes when doing a classicupgrade.
> Great!
>
> Let me know if I can help.
>
> My suggestion is to extract the ldap password from the secrets.tdb and
> then use it and the bind dn to connect to the ldap server using ldb.
> Then you should be able to modify the AD user by setting values on the
> user, as found by SID (eg <SID=S-1-2-3>) like the current 'import uid
> and gid mappings into AD' code does.
>
> Naturally, this would be conditional on us connecting to an LDAP passdb
> backend (unless you just want to do it based on getpwnam()).
>
> Thanks!
>
> Andrew Bartlett
>
Hi Andrew,

I try to do that in reverse order: first try getpwnam and if it fails
(non-in-place upgrades) then ldap. Currently I try to extract the
ldap password via secrets_db.__getitem__ but that is clearly not the 
best way. I would be glad if you could suggest a better alternative.

Cheers

Geza



More information about the samba-technical mailing list