Samba4 patch for manipulating Unix attributes via ADUC
abartlet at samba.org
Thu Jul 12 02:01:47 MDT 2012
On Thu, 2012-07-12 at 07:36 +0200, Gémes Géza wrote:
> 2012-07-12 03:02 keltezéssel, Andrew Bartlett írta:
> > On Wed, 2012-07-11 at 23:55 +0200, Gémes Géza wrote:
> >> Hi,
> >> The attached patch makes it possible to provision in a way
> >> (--fake-ypserver=yes) that allows manipulating the Unix attributes of
> >> users/groups via ADUC.
> >> It does that by provisioning as if it would be used by the MS NIS server.
> >> Please review the attached patch.
> >> Cheers
> >> Geza
> >> P.S. I've started working on a patch which (based on this one) would
> >> allow to keep all the Unix attributes when doing a classicupgrade.
> > Great!
> > Let me know if I can help.
> > My suggestion is to extract the ldap password from the secrets.tdb and
> > then use it and the bind dn to connect to the ldap server using ldb.
> > Then you should be able to modify the AD user by setting values on the
> > user, as found by SID (eg <SID=S-1-2-3>) like the current 'import uid
> > and gid mappings into AD' code does.
> > Naturally, this would be conditional on us connecting to an LDAP passdb
> > backend (unless you just want to do it based on getpwnam()).
> > Thanks!
> > Andrew Bartlett
> Hi Andrew,
> I try to do that in reverse order: first try getpwnam and if it fails
> (non in the place upgrades) then ldap.
I would generally prefer we went to ldap as preference. We do that for
other parts of the migration, as we set ldapsam:trusted=yes.
> Currently I try to extract the
> ldap password via secrets_db.__getitem__ but that is clearly not the
> best way. I would be glad if you could suggest a better alternative.
See source4/scripting/python/samba/samba3.py and how we get the machine
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
More information about the samba-technical