[PATCH] Add Unix attributes to a user or group in AD

Rowland Penny repenny241155 at gmail.com
Fri Nov 20 12:22:10 UTC 2015 

On 20/11/15 11:12, Michael Adam wrote:
> On 2015-11-20 at 10:09 +0000, Rowland Penny wrote:
>> On 20/11/15 09:37, Michael Adam wrote:
>>> On 2015-11-20 at 09:27 +0000, Rowland Penny wrote:
>>>> On 20/11/15 08:13, Michael Adam wrote:
>>>>> On 2015-11-16 at 19:14 +0000, Rowland Penny wrote:
>>>>>> On 16/11/15 14:34, Michael Adam wrote:
>>>>>>> Rowland,
>>>>>>>
>>>>>>> I lost track of the most up-to-date patches.
>>>>>>> (Scattered over several mail threads, I think.)
>>>>>>> Could you please re-send the latest, complete
>>>>>>> patchset for this?
>>>>>>>
>>>>>>> Thanks a lot!
>>>>>>>
>>>>>>> Michael
>>>>>>>
>>>>>>>
>>>>>> OK, here are the patches as requested by Michael Adam:
>>>>> Thanks for updating the patches!
>>>>>
>>>>> I'd really like someone who is more into our python/samba-tool
>>>>> code to review. Generally the patches look pretty good to me.
>>>>> Just two comments right now:
>>>>>
>>>>> - I still don't quite understand, why you taken an all-or-nothing
>>>>>    approach instead of possibly selectively setting unix
>>>>>    attributes. And allowing for modification / addition of attribs
>>>>>    on objects that already have a nis attribute. It does not
>>>>>    seem natural to me.
>>>> I am only doing what happens when you add rfc2307 attributes with ADUC,
>>> What is ADUC ?
>> Oh come on Michael, are you being serious, :-D
>>
>> ADUC = Active Directory Users and Computers, the windows mmc tool
> I guessed s/th in that direction.
> As I mentioned I am not really an AD server guy...
>
>>>> this is also the way samba-tool works when you create a user
>>>> with rfc2307 attributes i.e.
>>> Yeah, creation is OK.
>>> But i don't see a reason to separate full adding and modifying.
>>> I think the most useful tool would be one that can set individual
>>> attributes.
>>>
>>> I'd like to hear more opinions. I just thing that we should not
>>> restrict ourselves unnecessarily. This is our tool and we can
>>> define how it works. :-)
>> I totally agree that Samba needs a tool to do what you are saying, but Samba
>> also needs a tool that is compatible with the way windows works, or rather
>> (as far as I understand) doesn't work now if you are using ADUC on windows
>> 10, there is no Unix Attributes tab on windows 10 ADUC.
> Ok. Did I mention I am not realy an AD guy? ;-)
> So I am willing yo accept your reasoning here. :-)
>
>>>> samba-tool user add User5 passw5rd --nis-domain=samdom
>>>> --unix-home=/home/User5
>>>> --uid-number=10005 --login-shell=/bin/false --gid-number=10000
>>>>
>>>> I entirely agree that samba-tool needs something to add/mod attributes, but
>>>> this will need to be another patch.
>>> Not sure. One tool for that would be sufficient imho.
>> Do not agree, windows has two tools for this, One is the Unix Attribute tab
>> that does what these patches do
> Really? Doesn't it use defaults?
> Anyhow, I bought your arguments on how you want the tool to
> function. ;-)
>
>> and the other is an attribute modification tool.
>>
>> What Samba also needs is a tool to add/remove/change any attribute, however
>> this concept is totally different from making a user or group a Unix user or
>> group.
> That exists, right? ldbedit .. ;-)

Well yes, but what if you quickly want to change where a users home 
directory is stored (this is just an instance),
Windows has a tool for this and in my opinion, so should Samba.

>
>> There are other things that need changing first, for instance, when you join
>> a new DC to the domain its NS record does not get added to the SOA records,
>> I think this is because the code seems to only want to create a new SOA and
>> as it already exists, this will fail.
> Well, that is an unrelated change, I'd say.
> Possibly of higher priority.

And I am working on it, but to be honest, from the trouble I am having 
getting any patches accepted, I am now beginning to wonder if it is 
worth the effort.

For instance, I sent a patch that did a very simple thing, when you run 
'samba-tool user create --help' most of the examples use 'add' instead 
of 'create'. All my patch does is to change 'add' to 'create', but this 
has been ignored.

Rowland

> Cheers - Michael

More information about the samba-technical mailing list