[Samba] [PATCH] Set RFC2307 attributes in samba-tool create

Alexander Wuerstlein snalwuer at cip.cs.fau.de
Sat Sep 29 08:10:30 MDT 2012

On Sat, 29 Sep 2012 08:07:25 +1000
Andrew Bartlett <abartlet at samba.org> wrote:

> On Tue, 2012-09-25 at 16:54 +0200, Alexander Wuerstlein wrote:
> > Optionally set RFC2307 (NIS Schema) attributes in samba-tool create.
> > Mainly needed for UID mapping to be usable.
> > Not all attributes are set-able, only harmless and non-overlapping
> > ones (uid, uidNumber, gidNumber, loginShell, gecos). Description and
> > homeDirectory should already be set, userPassword seems problematic.
> This looks OK so far, but we really should have some test on the local
> setting of idmap_ldb:use rfc2307 to avoid total user confusion.   (I
> personally think that having this option creates more problems than it
> solves). 

Checking the local config and warning about the missing setting would
certainly be doable. I'm just not sure if its better to check this
on every 'samba-tool user create' (with the added problem that in the
remote access case this would either have to be silent or warn about
not being local), create some 'samba-tool user idmap_info' or extend
'wbinfo'. Any preferences?

And I agree that the option has at least the wrong default value, the
least confusing imho would be to always create RFC2307 attributes and
to always use them for UID mapping, except if explicitly configured
otherwise. After all, people use samba for interoperability, not to
create differences by default.
> Finally, we need tests written for this and included in the testsuite,
> so we don't subtly break this in the future.  (the testing of the
> actual getpwnam call will be difficult, but at least the command line
> options can be easily tested). 

Yes, I can create those. Testing getpwnam is tricky, but I don't think
its necessary for the samba testsuite to do that, thats what the libc
and Python should test. So I propose to just pick a random, existing,
local user like the current $USER, do a samba-tool user create
--rfc2307-from-nss and compare the attributes in SamDB to what getpwnam


Alexander Wuerstlein.

More information about the samba-technical mailing list