Usability of 'samba-tool domain provision'

Andrew Bartlett abartlet at samba.org
Thu Jun 2 19:21:22 UTC 2016 

On Thu, 2016-06-02 at 15:19 +0100, Rowland Penny wrote:
> On 02/06/16 14:02, Andrew Bartlett wrote:
> > On Thu, 2016-06-02 at 12:28 +0100, Rowland Penny wrote:
> > > Ok, before I alter my patches, can you confirm, it is just the
> > > change
> > > of
> > > 'realm' & 'domain' from options to args, you are against, or is
> > > there
> > > anything else ?
> > The user should not be prompted about use_xattrs.  In fact, just to
> > demonstrate that Samba development is always an art both of knowing
> > the
> > rules and of knowing when not to apply them, I would argue we
> > should
> > actually drop the --use-xattrs option, or at least hide it.
> > 
> > https://git.samba.org/?p=asn/samba.git;a=commitdiff;h=4ee1d4b209a1e
> > 11f2
> > b62087e09d9f221d85bd137
> 
> If I understand you correctly, don't ask about 'use_xattrs', remove
> the 
> option and set 'use_xattrs' to 'auto'.

Yes, remove it from interactive, setting to auto.  

Then add "(deprecated)" to the help text for --use-xattrs, so we can
get rid of it in another release cycle (our standard is to give one
release of notice for these things).

> 
> > 
> > For the password check, I would prefer if we re-used the same
> > complexity check as the DB will use, perhaps by adding a python
> > binding
> > to the C function in use.  Otherwise I fear the two will diverge,
> > and
> > just cause further confusion.
> > 
> > https://git.samba.org/?p=asn/samba.git;a=commitdiff;h=f56bb2c2edbc7
> > c0ad
> > 406d642f2de2f09a25b85b2
> > 
> 
> Ah, here again, this is something I have never done, which 'C'
> function 
> are you referring to ? and is there anything in samba-tool that
> already 
> does something similar, that I can examine for clues :-)

Sadly no, and creating new C bindings isn't trivial either.  I realise
this is harder, but I would still prefer it was done right.

The C fuction is samdb_check_password() in source4/dsdb/common/util.c
and the bindings for this kind of thing are via source4/dsdb/pydsdb.c
via python/samba/samdb.py.

Andrew Bartlett

-- 
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba

More information about the samba-technical mailing list