Samba4 patch for manipulating Unix attributes via ADUC
Andrew Bartlett
abartlet at samba.org
Sat Jul 14 00:22:46 MDT 2012
On Sat, 2012-07-14 at 08:14 +0200, Gémes Géza wrote:
> 2012-07-14 01:09 keltezéssel, Andrew Bartlett írta:
> > On Fri, 2012-07-13 at 22:05 +0200, Gémes Géza wrote:
> >> 2012-07-13 07:50 keltezéssel, Andrew Bartlett írta:
> >>> On Fri, 2012-07-13 at 07:30 +0200, Gémes Géza wrote:
> >>>
> >>>> Hi,
> >>>>
> >>>> Sorry for being annoying, but what is your opinion about the patch? Is
> >>>> there anything you would recommend changing?
> >>>> For simplicity I've reattached the patch.
> >>>>
> >>>> Cheers
> >>>>
> >>>> Geza
> >>> The patch is in autobuild. Indeed, if it had not hit a flaky test (s3dc
> >>> failed the samr.large-dc test, which is unrelated and quite unusual), it
> >>> would be in master by now.
> >>>
> >>> There is nothing I find more uplifting than enthusiastic developers who
> >>> are ready and willing to provide tested patches the solve real-world
> >>> problems.
> >>>
> >>> Thanks so very much for your hard work, and I look forward to seeing
> >>> your patches for the improved s3 migration!
> >>>
> >>> Andrew Bartlett
> >>>
> >> Thank you for your kindness with me.
> >>
> >> I still have to sort out some problems with the migration patch.
> >> What is your opinion shall we set the
> >> msSFU30MaxUidNumber/msSFU30MaxGidNumber attributes to the current
> >> maximum uidnumber/gidnumber + 1?
> >> Or leave that attrs for now?
> > I looked to see what precedent we could follow. The ldapsam:editposix
> > behaviour is to ask winbind for an id from the idmap pool at runtime,
> > but that won't help us specify a fixed base for these attributes.
> >
> > I don't like just leaving this, particularly if it defaults to 10000 in
> > the GUI (as then we have no control, and we might know that 10000 is
> > unsuitable), but I would like time to think about this more before we
> > put this into the provision.
> >
> > Thanks,
> >
> > Andrew Bartlett
> >
> Hi,
>
> First, I interpret your answer as the following (correct me if I'm wrong):
>
> In the case of classicupgrade populate the
> msSFU30MaxUidNumber/msSFU30MaxGidNumber attributes
I actually meant the opposite. For now, don't populate them ever, while
I keep thinking about what the right thing to do is.
> Second, sorry for whining, but I'm simply too stupid to see the problem
> with the following code:
>
> urls = samba3.lp.get("passdb backend").split(":",1)[1].strip('"')
> res = None
> for url in urls.split():
> print "URL OK: "+url+"!"
> ldb = SamDB(url, session_info=system_session(samba3.lp),
> credentials=creds, lp=samba3.lp)
> print "ldb OK!"
> domain_dn = ldb.domain_dn()
> try:
> res = ldb.search(domain_dn, scope=ldb.SCOPE_SUBTREE,
> expression=("(&(objectClass=posixAccount)(uid=%u))"
> % (user)), attrs=[attr])
> except LdbError:
> continue
> if res != None:
> return res
> else:
> continue
>
> The prints are for debugging. The only thing I can get of it is th url
> part. "ldb OK!" never gets printed, neither any error message. So I
> don't know what could happen in the ldb = SamDB(... part. the url is
> checked, the credentials part is initialized with the ldap admin dn and
> the corresponding password from secrets.tdb, also checked. I'm simply
> out of ideas.
Run the script under gdb or valgrind. I bet it's crashing.
eg
gdb --args python /usr/local/samba/sbin/samba-tool domain classicupgrade
valgrind python /usr/local/samba/sbin/samba-tool domain classicupgrade
This may give some clues.
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
More information about the samba-technical
mailing list