[PATCHES] Add Unix attributes to a user or group

Andrew Bartlett abartlet at samba.org
Thu Sep 22 21:13:05 UTC 2016


On Thu, 2016-09-22 at 20:58 +0100, Rowland Penny wrote:
> On Thu, 22 Sep 2016 14:22:36 -0500
> Andrew Bartlett <abartlet at samba.org> wrote:
> 
> > 
> > On Thu, 2016-09-22 at 15:22 +0100, Rowland Penny wrote:
> > > 
> > > On Thu, 22 Sep 2016 08:36:53 -0500
> > > Andrew Bartlett <abartlet at samba.org> wrote:
> > > 
> > > > 
> > > > 
> > > > On Thu, 2016-09-22 at 13:56 +0100, Rowland Penny wrote:
> > > > > 
> > > > > 
> > > > > Hi, these patches allow RFC2307 attributes to be added to a user
> > > > > or group created on ADUC.
> > > > > 
> > > > > The first patch for samdb.py actually does the
> > > > > addition/modification.
> > > > > 
> > > > > The second & third patches will add the same attributes that
> > > > > Windows adds via the Unix Attributes tab in ADUC (note: this tab
> > > > > does not exist on win10).
> > > > > 
> > > > > The fourth patch allows adding or modifying user attributes,
> > > > > either single or multiple attributes; these will be prompted for.
> > > > 
> > > > Thanks Rowland.  
> > > > 
> > > > I do very much appreciate your efforts to improve samba-tool.
> > > > 
> > > > As you have probably come to expect, my first request is to
> > > > please write up the matching automated tests.
> > > 
> > > I am quite prepared to update the 'samba-tool user create' test,
> > > but only after the test is updated to actually test what samba-tool
> > > does now when a user is created with rfc2307 attributes.
> > 
> > That's fine, but I don't think we can proceed with this patch until
> > then.
> > 
> 
> OK, how about this, I will rewrite 'samba-tool user create' so it
> obtains the NETBiosName from AD (this will fix something I discussed
> with Marc offlist) and then rewrite the test, once this has been
> accepted, I will then rewrite my patches and alter the test to suit.

That sounds like a plan.  That nicely confirms which code the
(evolving) test applies to, which is really good engineering practice. 

> > 
> > I realise this is asking you to do more work, but this is one of
> > the few levers we have for expanding our testing.  And yes, I have
> > often had to start a whole new testsuite when wanting to tweak an
> > existing area.
> > 
> > It is doubly important for Python code, because we don't even have
> > a compiler to check it.
> > 
> > > 
> > > > 
> > > > 
> > > > 
> > > > We need tests that run the various options (because python
> > > > errors are only discovered when code is run, so we must cover
> > > > all the codepaths), and we need tests that confirm that the
> > > > values are correctly modified in the database by comparing with
> > > > the results in the LDB entries.
> > > > 
> > > > Regarding 'nisadd', I'm assuming we are specifying the invalid
> > > > unixUserPassword out of some caution that someone will foolishly
> > > > use this for real NIS, and missing might become an empty password?
> > > > Can you check if this really happens?
> > > 
> > > This was discussed when Marc altered 'samba-tool user create',
> > > this is exactly what ADUC does.
> > 
> > Can you get me the archive link so I can familiarise/remind
> > myself?
> > 
> 
> I am older than you, but I can remember it LOL
> 
> https://lists.samba.org/archive/samba-technical/2014-November/103408.html

Thanks.  You can see I still get bothered about it :-)

Regarding the modify stuff, I think the best and most consistent
approach for a 'samba-tool user modify' would be to have it take and
apply the same arguments that samba-tool user create now has, and then
work from there.  I realise that isn't interactive, but it will make
much easier a scripted approach to testing, and we can move to
something interactive as a second step.

Does that sound reasonable?

Andrew Bartlett

-- 
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba
