[PATCH] Supplement nss info gecos from displayName

Ralph Böhme rb at sernet.de
Tue Jul 28 09:06:29 UTC 2015


On Mon, Jul 27, 2015 at 09:26:18PM +0100, Rowland Penny wrote:
> On 27/07/15 21:11, Ralph Böhme wrote:
> >On Mon, Jul 27, 2015 at 06:30:51PM +0100, Rowland Penny wrote:
> >>On 27/07/15 18:12, Ralph Böhme wrote:
> >>>Attached is a small patchset that tries to address a shortcoming in
> >>>winbind pulling gecos information from AD.
> >>>
> >>>Either winbind nss info sfu, sfu20 and rfc2307 will end up querying
> >>>the gecos attribute, which will be empty in most cases, as neither
> >>>Samba AD nor Windows with IDMU assigns a value to it by default.
> >>>
> >>>As a result Samba servers pulling nss info via winbind will show empty
> >>>gecos fields. Wouldn't it make sense to pull the gecos info from
> >>>another attribute like displayName in case gecos is empty?
> >>>
> >>>Review&comments appreciated. Thanks!
> >>>
> >>>-Ralph
> >>>
> >>er, you do realise that if you create a user with samba-tool
> >>'samba-tool user create username' you do not get a displayName
> >>attribute either,
> >yes, but using MS tools will.
> >
> >>so what are your plans to fall back to ?
> >That's not the point.
> >
> >>Or to put it another way, you cannot presume the displayName
> >>attribute will be populated either, so why bother ?
> >Because when using MS tools gecos will always be empty while
> >displayName will contain something. For Samba users in an MS AD
> >environment that makes a difference I guess.
> >
> >Cheerio!
> >-Ralph
> 
> Hi Ralph, I think you are missing the point :-)
> 
> You cannot be sure that displayName will be populated, so if you want
> 'gecos' to seemingly contain something, you need to either patch 'samba-tool
> user create' to refuse to create the user unless the user's first and last
> names are also given, i.e. just like Windows, or test if gecos is empty, if
> so, use displayName contents and if this is also empty, fall back to
> samaccountname.

I expect users using samba-tool to add users to a Samba 4 AD to use
--gecos anyway, that's not the use case I'm trying to address.

What I'm trying to do is to get some sensible behaviour for users
using tools like RSAT which will never put something into gecos.

> I personally think using the contents of one attribute instead of another
> (even if it is empty) is not a good idea, but hey, what does my opinion

Your opinion is certainly welcome and appreciated!

-Ralph

-- 
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.sernet.de,mailto:kontakt@sernet.de