[PATCH] Supplement nss info gecos from displayName

Alexander Bokovoy ab at samba.org
Tue Jul 28 04:25:49 UTC 2015


On Mon, 27 Jul 2015, Rowland Penny wrote:
> On 27/07/15 21:11, Ralph Böhme wrote:
> >On Mon, Jul 27, 2015 at 06:30:51PM +0100, Rowland Penny wrote:
> >>On 27/07/15 18:12, Ralph Böhme wrote:
> >>>Attached is a small patchset that tries to address a shortcoming in
> >>>winbind pulling gecos information from AD.
> >>>
> >>>Either winbind nss info sfu, sfu20 and rfc2307 will end up querying
> >>>the gecos attribute, which will be empty in most cases, as neither
> >>>Samba AD nor Windows with IDMU assigns a value to it by default.
> >>>
> >>>As a result Samba servers pulling nss info via winbind will show empty
> >>>gecos fields. Wouldn't it make sense to pull the gecos info from
> >>>another attribute like displayName in case gecos is empty?
> >>>
> >>>Review&comments appreciated. Thanks!
> >>>
> >>>-Ralph
> >>>
> >>er, you do realise that if you create a user with samba-tool
> >>'samba-tool user create username' you do not get a displayName
> >>attribute either,
> >yes, but using MS tools will.
> >
> >>so what are your plans to fall back to ?
> >That's not the point.
> >
> >>Or to put it another way, you cannot presume the displayName
> >>attribute will be populated either, so why bother ?
> >Because when using MS tools gecos will always be empty while
> >displayName will contain something. For Samba users in an MS AD
> >environment that makes a difference I guess.
> >
> >Cheerio!
> >-Ralph
> 
> Hi Ralph, I think you are missing the point :-)
> 
> You cannot be sure that displayName will be populated, so if you want
> 'gecos' to seemingly contain something, you need to either patch 'samba-tool
> user create' to refuse to create the user unless the users first and last
> names are also given i.e. just like windows, or test if gecos is empty, if
> so, use displayName contents and if this is also empty, fall back to
> samaccountname.
Well, in case of SSSD we synthesize it from 'cn' (which couldn't be
missing). I'd prefer a common behavior here but otherwise I agree with
you.

-- 
/ Alexander Bokovoy



More information about the samba-technical mailing list