Samba4 patch for manipulating Unix attributes via ADUC

Gémes Géza geza at kzsdabas.hu
Sat Jul 14 00:14:02 MDT 2012 

2012-07-14 01:09 keltezéssel, Andrew Bartlett írta:
> On Fri, 2012-07-13 at 22:05 +0200, Gémes Géza wrote:
>> 2012-07-13 07:50 keltezéssel, Andrew Bartlett írta:
>>> On Fri, 2012-07-13 at 07:30 +0200, Gémes Géza wrote:
>>>
>>>> Hi,
>>>>
>>>> Sorry for being annoying, but what is your opinion about the patch? Is
>>>> there anything you would recommend changing?
>>>> For simplicity I've reattached the patch.
>>>>
>>>> Cheers
>>>>
>>>> Geza
>>> The patch is in autobuild.  Indeed, if it had not hit a flaky test (s3dc
>>> failed the samr.large-dc test, which is unrelated and quite unusual), it
>>> would be in master by now.
>>>
>>> There is nothing I find more uplifting than enthusiastic developers who
>>> are ready and willing to provide tested patches the solve real-world
>>> problems.
>>>
>>> Thanks so very much for your hard work, and I look forward to seeing
>>> your patches for the improved s3 migration!
>>>
>>> Andrew Bartlett
>>>
>> Thank you for your kindness with me.
>>
>> I still have to sort out some problems with the migration patch.
>> What is your opinion shall we set the
>> msSFU30MaxUidNumber/msSFU30MaxGidNumber attributes to the current
>> maximum uidnumber/gidnumber + 1?
>> Or leave that attrs for now?
> I looked to see what precedent we could follow.  The ldapsam:editposix
> behaviour is to ask winbind for an id from the idmap pool at runtime,
> but that won't help us specify a fixed base for these attributes.
>
> I don't like just leaving this, particularly if it defaults to 10000 in
> the GUI (as then we have no control, and we might know that 10000 is
> unsuitable), but I would like time to think about this more before we
> put this into the provision.
>
> Thanks,
>
> Andrew Bartlett
>
Hi,

First, I interpret your answer as the following (correct me if I'm wrong):

In the case of classicupgrade populate the 
msSFU30MaxUidNumber/msSFU30MaxGidNumber attributes

Second, sorry for whining, but I'm simply too stupid to see the problem 
with the following code:

urls = samba3.lp.get("passdb backend").split(":",1)[1].strip('"')
res = None
for url in urls.split():
     print "URL OK: "+url+"!"
     ldb = SamDB(url, session_info=system_session(samba3.lp), 
credentials=creds, lp=samba3.lp)
     print "ldb OK!"
     domain_dn = ldb.domain_dn()
     try:
         res = ldb.search(domain_dn, scope=ldb.SCOPE_SUBTREE,
expression=("(&(objectClass=posixAccount)(uid=%u))"
                                    % (user)), attrs=[attr])
     except LdbError:
         continue
     if res != None:
         return res
     else:
         continue

The prints are for debugging. The only thing I can get of it is th url 
part. "ldb OK!" never gets printed, neither any error message. So I 
don't know what could happen in the ldb = SamDB(... part. the url is 
checked, the credentials part is initialized with the ldap admin dn and 
the corresponding password from secrets.tdb, also checked. I'm simply 
out of ideas.

Cheers

Geza

More information about the samba-technical mailing list