[PATCHES] Add Unix attributes to a user or group
Andrew Bartlett
abartlet at samba.org
Thu Sep 22 21:13:05 UTC 2016
On Thu, 2016-09-22 at 20:58 +0100, Rowland Penny wrote:
> On Thu, 22 Sep 2016 14:22:36 -0500
> Andrew Bartlett <abartlet at samba.org> wrote:
>
> >
> > On Thu, 2016-09-22 at 15:22 +0100, Rowland Penny wrote:
> > >
> > > On Thu, 22 Sep 2016 08:36:53 -0500
> > > Andrew Bartlett <abartlet at samba.org> wrote:
> > >
> > > >
> > > >
> > > > On Thu, 2016-09-22 at 13:56 +0100, Rowland Penny wrote:
> > > > >
> > > > >
> > > > > Hi, these patches allow RFC2307 attributes to be added to a
> > > > > user
> > > > > or group created on ADUC.
> > > > >
> > > > > The first patch for samdb.py actually does the
> > > > > addition/modification
> > > > >
> > > > > The second & third patches will add the same attributes that
> > > > > windows
> > > > > adds via the Unix Attributes tab in ADUC (note: this tab does
> > > > > not exist
> > > > > on win10).
> > > > >
> > > > > the fourth patch allows adding or modifying user attributes,
> > > > > either
> > > > > single or multiple attributes, these will be prompted for.
> > > >
> > > > Thanks Rowland.
> > > >
> > > > I do very much appreciate your efforts to improve samba-tool.
> > > >
> > > > As you have probably come to expect, my first request is to
> > > > please
> > > > write up the matching automated tests.
> > >
> > > I am quite prepared to update the 'samba-tool user create' test,
> > > but
> > > only after the test is updated to actually test what samba-tool
> > > does
> > > now when a user is created with rfc2307 attributes.
> >
> > That's fine, but I don't think we can proceed with this patch until
> > then.
> >
>
> OK, how about this, I will rewrite 'samba-tool user create so it
> obtains the NETBiosName from AD (this will fix something I discussed
> with Marc offlist) and then rewrite the test, once this has been
> accepted, I will then rewrite my patches and alter the test to suit.
That sounds like a plan. That nicely confirms which code the
(evolving) test applies to, which is really good engineering practice.
> >
> > I realise this is asking you to do more work, but this is one of
> > the
> > few leavers we have for expanding our testing. And yes, I have
> > often
> > had to start a whole new testsuite when wanting to tweak an
> > existing
> > area.
> >
> > It is doubly important for python code, because we don't even have
> > a
> > compiler to check it.
> >
> > >
> > > >
> > > >
> > > >
> > > > We need tests that run the various options (because python
> > > > errors
> > > > are
> > > > only discovered when code is run, so we must cover all the
> > > > codepaths),
> > > > and we need tests that confirm that the values are correctly
> > > > modified
> > > > in the database by comparing with the results in the LDB
> > > > entries.
> > > >
> > > > Regarding 'nisadd', I'm assuming we are specifying the invalid
> > > > unixUserPassword out of some caution that someone will
> > > > foolishly
> > > > use
> > > > this for real NIS, and missing might become an empty password?
> > > > Can you check if this really happens?
> > >
> > > This was discussed when Marc altered 'samba-tool user create',
> > > this
> > > is exactly what ADUC does.
> >
> > Can you get me the archive link so I can't familiarise/remind
> > myself?
> >
>
> I am older than you, but I can remember it LOL
>
> https://lists.samba.org/archive/samba-technical/2014-November/103408.
> html
Thanks. You can see I still get bothered about it :-)
Regarding the modify stuff, I think the best and most consistent
approach for a 'samba-tool user modify' would be to have it take and
apply the same arguments that samba-tool user create now has, and then
work from there. I realise that isn't interactive, but it will make
much easier a scripted approach to testing, and we can move to
something interactive as a second step.
Does that sound reasonable?
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
More information about the samba-technical
mailing list