[PATCHES] GPO support for the AD DC itself

David Mulder dmulder at suse.com
Tue Jun 20 13:12:20 UTC 2017


> In the patch 'libgpo: Add libgpo python bindings' you remove a return
> case in finalize_local_nt_token. Can you explain why? Where were you
> using it and why is this necessary?
Oh, yes. I believe that happens inside the gp_get_machine_token() call
in py_ads_get_gpo_list(). This call always fails for a computer object
that's a DC. I'm not certain why, but I can look into that more.
>
> On the whole, it looks much improved. But there needs to be some more
> comments (either in the code or the commit message) on what you're
> actually doing. For instance, I notice that you've introduced GPO
> unapply and it uses an xml log file. How is this file actually formatted
> and used? Similarly, in applying krb5 settings, which settings does it
> alter and how does it alter them? There needs to be some more high level
> documentation, both for other developers and for users.
> docs-xml/smbdotconf/domain/gpoupdatecommand.xml probably needs an
> extensive list of what is and is not being applied for example because
> it's not obvious at a glance.
I'll add some better documentation in gpoupdatecommand.xml.
I suppose the best place to document the new xml unapply log would be in
comments.
I'll add more comments in general to make all of it more clear.

-- 
David Mulder
SUSE Labs Software Engineer - Samba
dmulder at suse.com
SUSE Linux GmbH, GF: Felix Imend├Ârffer, Jane Smithard, Graham Norton, HRB 21284 (AG N├╝rnberg)




More information about the samba-technical mailing list