[PATCHES] GPO support for the AD DC itself

David Mulder dmulder at suse.com
Tue Jun 20 13:12:20 UTC 2017

> In the patch 'libgpo: Add libgpo python bindings' you remove a return
> case in finalize_local_nt_token. Can you explain why? Where were you
> using it and why is this necessary?
Oh, yes. I believe that happens inside the gp_get_machine_token() call
in py_ads_get_gpo_list(). This call always fails for a computer object
that's a DC. I'm not certain why, but I can look into that more.
> On the whole, it looks much improved. But there needs to be some more
> comments (either in the code or the commit message) on what you're
> actually doing. For instance, I notice that you've introduced GPO
> unapply and it uses an xml log file. How is this file actually formatted
> and used? Similarly, in applying krb5 settings, which settings does it
> alter and how does it alter them? There needs to be some more high level
> documentation, both for other developers and for users.
> docs-xml/smbdotconf/domain/gpoupdatecommand.xml probably needs an
> extensive list of what is and is not being applied for example because
> it's not obvious at a glance.
I'll add some better documentation in gpoupdatecommand.xml.
I suppose the best place to document the new xml unapply log would be in
I'll add more comments in general to make all of it more clear.

David Mulder
SUSE Labs Software Engineer - Samba
dmulder at suse.com
SUSE Linux GmbH, GF: Felix Imend├Ârffer, Jane Smithard, Graham Norton, HRB 21284 (AG N├╝rnberg)

More information about the samba-technical mailing list