[PATCHES] Add Unix attributes to a user or group
Rowland Penny
repenny241155 at gmail.com
Thu Sep 22 21:20:40 UTC 2016
On Thu, 22 Sep 2016 16:13:05 -0500
Andrew Bartlett <abartlet at samba.org> wrote:
> On Thu, 2016-09-22 at 20:58 +0100, Rowland Penny wrote:
> > On Thu, 22 Sep 2016 14:22:36 -0500
> > Andrew Bartlett <abartlet at samba.org> wrote:
> >
> > >
> > > On Thu, 2016-09-22 at 15:22 +0100, Rowland Penny wrote:
> > > >
> > > > On Thu, 22 Sep 2016 08:36:53 -0500
> > > > Andrew Bartlett <abartlet at samba.org> wrote:
> > > >
> > > > >
> > > > >
> > > > > On Thu, 2016-09-22 at 13:56 +0100, Rowland Penny wrote:
> > > > > >
> > > > > >
> > > > > > Hi, these patches allow RFC2307 attributes to be added to a
> > > > > > user
> > > > > > or group created on ADUC.
> > > > > >
> > > > > > The first patch for samdb.py actually does the
> > > > > > addition/modification
> > > > > >
> > > > > > The second & third patches will add the same attributes that
> > > > > > windows
> > > > > > adds via the Unix Attributes tab in ADUC (note: this tab
> > > > > > does not exist
> > > > > > on win10).
> > > > > >
> > > > > > the fourth patch allows adding or modifying user attributes,
> > > > > > either
> > > > > > single or multiple attributes, these will be prompted for.
> > > > >
> > > > > Thanks Rowland.
> > > > >
> > > > > I do very much appreciate your efforts to improve samba-tool.
> > > > >
> > > > > As you have probably come to expect, my first request is to
> > > > > please
> > > > > write up the matching automated tests.
> > > >
> > > > I am quite prepared to update the 'samba-tool user create' test,
> > > > but
> > > > only after the test is updated to actually test what samba-tool
> > > > does
> > > > now when a user is created with rfc2307 attributes.
> > >
> > > That's fine, but I don't think we can proceed with this patch
> > > until then.
> > >
> >
> > OK, how about this, I will rewrite 'samba-tool user create so it
> > obtains the NETBiosName from AD (this will fix something I discussed
> > with Marc offlist) and then rewrite the test, once this has been
> > accepted, I will then rewrite my patches and alter the test to
> > suit.
>
> That sounds like a plan. That nicely confirms which code the
> (evolving) test applies to, which is really good engineering
> practice.
>
OK, working on it, but not as easy as it sounds ;-)
> > >
> > > I realise this is asking you to do more work, but this is one of
> > > the
> > > few leavers we have for expanding our testing. And yes, I have
> > > often
> > > had to start a whole new testsuite when wanting to tweak an
> > > existing
> > > area.
> > >
> > > It is doubly important for python code, because we don't even have
> > > a
> > > compiler to check it.
> > >
> > > >
> > > > >
> > > > >
> > > > >
> > > > > We need tests that run the various options (because python
> > > > > errors
> > > > > are
> > > > > only discovered when code is run, so we must cover all the
> > > > > codepaths),
> > > > > and we need tests that confirm that the values are correctly
> > > > > modified
> > > > > in the database by comparing with the results in the LDB
> > > > > entries.
> > > > >
> > > > > Regarding 'nisadd', I'm assuming we are specifying the invalid
> > > > > unixUserPassword out of some caution that someone will
> > > > > foolishly
> > > > > use
> > > > > this for real NIS, and missing might become an empty password?
> > > > > Can you check if this really happens?
> > > >
> > > > This was discussed when Marc altered 'samba-tool user create',
> > > > this
> > > > is exactly what ADUC does.
> > >
> > > Can you get me the archive link so I can't familiarise/remind
> > > myself?
> > >
> >
> > I am older than you, but I can remember it LOL
> >
> > https://lists.samba.org/archive/samba-technical/2014-November/103408.
> > html
>
> Thanks. You can see I still get bothered about it :-)
>
> Regarding the modify stuff, I think the best and most consistent
> approach for a 'samba-tool user modify' would be to have it take and
> apply the same arguments that samba-tool user create now has, and then
> work from there. I realise that isn't interactive, but it will make
> much easier a scripted approach to testing, and we can move to
> something interactive as a second step.
>
> Does that sound reasonable?
Well it would, except that is what 'cmd_user_nis_add' does, did you
even read it ?
Rowland
More information about the samba-technical
mailing list