[PATCH] Supplement nss info gecos from displayName

Rowland Penny repenny241155 at gmail.com
Mon Jul 27 20:26:18 UTC 2015


On 27/07/15 21:11, Ralph Böhme wrote:
> On Mon, Jul 27, 2015 at 06:30:51PM +0100, Rowland Penny wrote:
>> On 27/07/15 18:12, Ralph Böhme wrote:
>>> Attached is a small patchset that tries to address a shortcoming in
>>> winbind pulling gecos information from AD.
>>>
>>> Either winbind nss info sfu, sfu20 and rfc2307 will end up querying
>>> the gecos attribute, which will be empty in most cases, as neither
>>> Samba AD nor Windows with IDMU assigns a value to it by default.
>>>
>>> As a result Samba servers pulling nss info via winbind will show empty
>>> gecos fields. Wouldn't it make sense to pull the gecos info from
>>> another attribute like displayName in case gecos is empty?
>>>
>>> Review&comments appreciated. Thanks!
>>>
>>> -Ralph
>>>
>> er, you do realise that if you create a user with samba-tool
>> 'samba-tool user create username' you do not get a displayName
>> attribute either,
> yes, but using MS tools will.
>
>> so what are your plans to fall back to ?
> That's not the point.
>
>> Or to put it another way, you cannot presume the displayName
>> attribute will be populated either, so why bother ?
> Because when using MS tools gecos will always be empty while
> displayName will contain something. For Samba users in an MS AD
> environment that makes a difference I guess.
>
> Cheerio!
> -Ralph

Hi Ralph, I think you are missing the point :-)

You cannot be sure that displayName will be populated, so if you want 
'gecos' to seemingly contain something, you need to either patch 
'samba-tool user create' to refuse to create the user unless the users 
first and last names are also given i.e. just like windows, or test if 
gecos is empty, if so, use displayName contents and if this is also 
empty, fall back to samaccountname.

I personally think using the contents of one attribute instead of 
another (even if it is empty) is not a good idea, but hey, what does my 
opinion count for.

Rowland



More information about the samba-technical mailing list