samba-tool and ability to set/list/remove individual attributes

Andrew Bartlett abartlet at
Mon Apr 13 18:52:07 MDT 2015

On Mon, 2015-03-30 at 12:01 +0200, Pierre-Francois CARPENTIER wrote:
> Hello,
> I've poked around python-samba this WE in order to enable fine grained
> management of user and group attributes:
> it adds the following methods to SamDB:
> * rmuserattr : remove a user attribute
> * rmgroupattr : remove a group attribute
> * setuserattr: set a user attribute
> * setgroupattr: set a group attribute
> * getuserattr: get a list of a user's attribute(s)
> * getgroupattr: get a list of a group's attribute(s)
> I would not consider this code "production ready" (lack of test/unit test,
> rough exception handling, special cases like binary data not handled
> properly... keep in mind it's only a WE work ^^), but it could give an idea
> on how to implement them.


I'm always glad to hear of new users, and particularly of folks who are
exploring the capabilities of and possible extensions to our python
bindings.  They are a great place to start in Samba AD development. 

> On a related subject, it could be nice to have a formatted and "parsable"
> output format (yaml?) for entry/entries listing.
> I've already posted this on IRC, but the channel seems a bit dead.

I've been away for a few weeks, so sorry for the delay in looking at

The main thing I don't understand is why we need an abstraction beyond
LDB/LDAP for this.  Why are user or group objects sufficiently special,
that we need to have methods for them, rather than having the callers
just call LDB?

Perhaps another approach would be to have a helper function to give you
the DN of a user, to then modify directly?


Andrew Bartlett

Andrew Bartlett
Authentication Developer, Samba Team
Samba Developer, Catalyst IT
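
The alternative raised in the reply above (a helper that returns the DN of a user, with the change then made through LDB directly), sketched as an added example that is not code from this thread or from Samba. It assumes `db` is a `samba.samdb.SamDB` connection; `escape_filter`, `user_dn`, `ldif_value`, `replace_attr_ldif` and `set_user_attr` are hypothetical names. Binary values, which the original post says were not handled, are base64-encoded in the LDIF.

```python
import base64
import re

SCOPE_SUBTREE = 2  # value of ldb.SCOPE_SUBTREE, hard-coded so this runs without Samba


def escape_filter(value):
    """Escape a string for use inside an LDAP search filter (RFC 4515)."""
    return ''.join('\\%02x' % ord(c) if c in '\\*()\x00' else c for c in value)


def user_dn(db, account):
    """Hypothetical helper: DN (as str) of the single user with this sAMAccountName."""
    expr = '(&(objectClass=user)(sAMAccountName=%s))' % escape_filter(account)
    res = db.search(base=db.domain_dn(), scope=SCOPE_SUBTREE,
                    expression=expr, attrs=[])
    if len(res) != 1:
        raise LookupError('%d entries match %r' % (len(res), account))
    return str(res[0].dn)


def ldif_value(attr, value):
    """One LDIF line; bytes and strings that are unsafe in LDIF go out base64-encoded."""
    if isinstance(value, str):
        if (value.isascii() and value.isprintable()
                and value[:1] not in (' ', ':', '<') and not value.endswith(' ')):
            return '%s: %s' % (attr, value)
        value = value.encode('utf-8')
    return '%s:: %s' % (attr, base64.b64encode(value).decode('ascii'))


def replace_attr_ldif(dn, attr, values):
    """LDIF modify record replacing attr on dn; an empty list removes the attribute."""
    if not re.fullmatch(r'[A-Za-z][A-Za-z0-9-]*', attr):
        raise ValueError('bad attribute name: %r' % attr)
    lines = [ldif_value('dn', dn), 'changetype: modify', 'replace: ' + attr]
    lines += [ldif_value(attr, v) for v in values]
    return '\n'.join(lines + ['-']) + '\n'


def set_user_attr(db, account, attr, values):
    """Look up the DN, then hand the change straight to LDB."""
    db.modify_ldif(replace_attr_ldif(user_dn(db, account), attr, values))
```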
