[PATCH] Add Unix attributes to a user or group in AD

Michael Adam obnox at samba.org
Fri Nov 20 11:12:18 UTC 2015

On 2015-11-20 at 10:09 +0000, Rowland Penny wrote:
> On 20/11/15 09:37, Michael Adam wrote:
> >On 2015-11-20 at 09:27 +0000, Rowland Penny wrote:
> >>On 20/11/15 08:13, Michael Adam wrote:
> >>>On 2015-11-16 at 19:14 +0000, Rowland Penny wrote:
> >>>>On 16/11/15 14:34, Michael Adam wrote:
> >>>>>Rowland,
> >>>>>
> >>>>>I lost track of the most up-to-date patches.
> >>>>>(Scattered over several mail threads, I think.)
> >>>>>Could you please re-send the latest, complete
> >>>>>patchset for this?
> >>>>>
> >>>>>Thanks a lot!
> >>>>>
> >>>>>Michael
> >>>>>
> >>>>>
> >>>>OK, here are the patches as requested by Michael Adam:
> >>>Thanks for updating the patches!
> >>>
> >>>I'd really like someone who is more into our python/samba-tool
> >>>code to review. Generally the patches look pretty good to me.
> >>>Just two comments right now:
> >>>
> >>>- I still don't quite understand, why you taken an all-or-nothing
> >>>   approach instead of possibly selectively setting unix
> >>>   attributes. And allowing for modification / addition of attribs
> >>>   on objects that already have a nis attribute. It does not
> >>>   seem natural to me.
> >>I am only doing what happens when you add rfc2307 attributes with ADUC,
> >What is ADUC ?
> Oh come on Michael, are you being serious, :-D
> ADUC = Active Directory Users and Computers, the windows mmc tool

I guessed s/th in that direction.
As I mentioned I am not really an AD server guy...

> >>this is also the way samba-tool works when you create a user
> >>with rfc2307 attributes i.e.
> >Yeah, creation is OK.
> >But i don't see a reason to separate full adding and modifying.
> >I think the most useful tool would be one that can set individual
> >attributes.
> >
> >I'd like to hear more opinions. I just thing that we should not
> >restrict ourselves unnecessarily. This is our tool and we can
> >define how it works. :-)
> I totally agree that Samba needs a tool to do what you are saying, but Samba
> also needs a tool that is compatible with the way windows works, or rather
> (as far as I understand) doesn't work now if you are using ADUC on windows
> 10, there is no Unix Attributes tab on windows 10 ADUC.

Ok. Did I mention I am not realy an AD guy? ;-)
So I am willing yo accept your reasoning here. :-)

> >>samba-tool user add User5 passw5rd --nis-domain=samdom
> >>--unix-home=/home/User5
> >>--uid-number=10005 --login-shell=/bin/false --gid-number=10000
> >>
> >>I entirely agree that samba-tool needs something to add/mod attributes, but
> >>this will need to be another patch.
> >Not sure. One tool for that would be sufficient imho.
> Do not agree, windows has two tools for this, One is the Unix Attribute tab
> that does what these patches do

Really? Doesn't it use defaults?
Anyhow, I bought your arguments on how you want the tool to
function. ;-)

> and the other is an attribute modification tool.
> What Samba also needs is a tool to add/remove/change any attribute, however
> this concept is totally different from making a user or group a Unix user or
> group.

That exists, right? ldbedit .. ;-)

> There are other things that need changing first, for instance, when you join
> a new DC to the domain its NS record does not get added to the SOA records,
> I think this is because the code seems to only want to create a new SOA and
> as it already exists, this will fail.

Well, that is an unrelated change, I'd say.
Possibly of higher priority.

Cheers - Michael
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20151120/bbffe89e/signature.sig>

More information about the samba-technical mailing list