Patch submission version 4
repenny241155 at gmail.com
Sun Dec 1 14:36:10 MST 2013
On 01/12/13 20:51, Andrew Bartlett wrote:
> On Wed, 2013-10-09 at 11:35 +0100, Rowland Penny wrote:
>> HI, I will say this once again, anything Samba does to the AD database
>> should match what Windows does.
>> Windows does NOT add either the 'posixAccount' or 'posixGroup'
>> attributes so Stephanes patch should not add this line:
>> + ldbmessage2["objectClass"] =
>> ldb.MessageElement('posixGroup', ldb.FLAG_MOD_ADD, 'objectClass')
>> it should be removing this line:
>> ldbmessage2["objectClass"] =
>> ldb.MessageElement('posixAccount', ldb.FLAG_MOD_ADD, 'objectClass')
> For the time-being, I'm going to accept being consistent with the
> existing code over making this change to the old code, in a patch series
> that is adding new functionality.
> Andrew Bartlett
Just because something was created wrong in the first place is not a
good reason for continuing the error, all I am asking is that the
totally un-needed posix objectclasses are removed from samba-tool.
posixAccount and posixShadow are both auxillaries of the 'users'
objectclass, posixGroup is the auxillary of the 'group' objectclass.
What this means is that the 'user' & 'group' objectclasses inherit all
the attributes from the posix objectclasses, this is why windows does
not add the objectclasses 'posixAccount' & 'posixGroup'.
You would not even need any tests for the removal of these
objectclasses, I mean how do you test for something that should not be
there, if you test for the attributes the posix objectclasses hold, they
can still be there.
As a last thought, if you insist on allowing the adding of the posix
objectclasses then you should stop recommending the use of ADUC or any
windows tools to add users & groups, because no windows tools will add
the posix objectclasses.
More information about the samba-technical