[PATCHES] Add Unix attributes to a user or group

Rowland Penny repenny241155 at gmail.com
Thu Sep 22 21:20:40 UTC 2016 

On Thu, 22 Sep 2016 16:13:05 -0500
Andrew Bartlett <abartlet at samba.org> wrote:

> On Thu, 2016-09-22 at 20:58 +0100, Rowland Penny wrote:
> > On Thu, 22 Sep 2016 14:22:36 -0500
> > Andrew Bartlett <abartlet at samba.org> wrote:
> > 
> > > 
> > > On Thu, 2016-09-22 at 15:22 +0100, Rowland Penny wrote:
> > > > 
> > > > On Thu, 22 Sep 2016 08:36:53 -0500
> > > > Andrew Bartlett <abartlet at samba.org> wrote:
> > > > 
> > > > > 
> > > > > 
> > > > > On Thu, 2016-09-22 at 13:56 +0100, Rowland Penny wrote:
> > > > > > 
> > > > > > 
> > > > > > Hi, these patches allow RFC2307 attributes to be added to a
> > > > > > user
> > > > > > or group created on ADUC.
> > > > > > 
> > > > > > The first patch for samdb.py actually does the
> > > > > > addition/modification
> > > > > > 
> > > > > > The second & third patches will add the same attributes that
> > > > > > windows
> > > > > > adds via the Unix Attributes tab in ADUC (note: this tab
> > > > > > does not exist
> > > > > > on win10).
> > > > > > 
> > > > > > the fourth patch allows adding or modifying user attributes,
> > > > > > either
> > > > > > single or multiple attributes, these will be prompted for.
> > > > > 
> > > > > Thanks Rowland.  
> > > > > 
> > > > > I do very much appreciate your efforts to improve samba-tool.
> > > > > 
> > > > > As you have probably come to expect, my first request is to
> > > > > please
> > > > > write up the matching automated tests. 
> > > > 
> > > > I am quite prepared to update the 'samba-tool user create' test,
> > > > but
> > > > only after the test is updated to actually test what samba-tool
> > > > does
> > > > now when a user is created with rfc2307 attributes.
> > > 
> > > That's fine, but I don't think we can proceed with this patch
> > > until then.
> > > 
> > 
> > OK, how about this, I will rewrite 'samba-tool user create so it
> > obtains the NETBiosName from AD (this will fix something I discussed
> > with Marc offlist) and then rewrite the test, once this has been
> > accepted, I will then rewrite my patches  and alter the test to
> > suit.
> 
> That sounds like a plan.  That nicely confirms which code the
> (evolving) test applies to, which is really good engineering
> practice. 
> 

OK, working on it, but not as easy as it sounds ;-)


> > > 
> > > I realise this is asking you to do more work, but this is one of
> > > the
> > > few leavers we have for expanding our testing.  And yes, I have
> > > often
> > > had to start a whole new testsuite when wanting to tweak an
> > > existing
> > > area. 
> > > 
> > > It is doubly important for python code, because we don't even have
> > > a
> > > compiler to check it.
> > > 
> > > > 
> > > > > 
> > > > > 
> > > > > 
> > > > > We need tests that run the various options (because python
> > > > > errors
> > > > > are
> > > > > only discovered when code is run, so we must cover all the
> > > > > codepaths),
> > > > > and we need tests that confirm that the values are correctly
> > > > > modified
> > > > > in the database by comparing with the results in the LDB
> > > > > entries.
> > > > > 
> > > > > Regarding 'nisadd', I'm assuming we are specifying the invalid
> > > > > unixUserPassword out of some caution that someone will
> > > > > foolishly
> > > > > use
> > > > > this for real NIS, and missing might become an empty password?
> > > > >  Can you check if this really happens? 
> > > > 
> > > > This was discussed when Marc altered 'samba-tool user create',
> > > > this
> > > > is exactly what ADUC does.
> > > 
> > > Can you get me the archive link so I can't familiarise/remind
> > > myself?
> > > 
> > 
> > I am older than you, but I can remember it LOL
> > 
> > https://lists.samba.org/archive/samba-technical/2014-November/103408.
> > html
> 
> Thanks.  You can see I still get bothered about it :-)
> 
> Regarding the modify stuff, I think the best and most consistent
> approach for a 'samba-tool user modify' would be to have it take and
> apply the same arguments that samba-tool user create now has, and then
> work from there.  I realise that isn't interactive, but it will make
> much easier a scripted approach to testing, and we can move to
> something interactive as a second step.
> 
> Does that sound reasonable?

Well it would, except that is what 'cmd_user_nis_add' does, did you
even read it ?

Rowland

More information about the samba-technical mailing list