[PATCHES] GPO support for the AD DC itself

Garming Sam garming at catalyst.net.nz
Wed Jun 21 02:15:54 UTC 2017

Compiling the patches, I noticed that you haven't rebased on master
recently (at least from what you've given). There are some interface
changes which mean that there is a TALLOC_CTX * being supplied into some

There is also a compiler warning in torture/gpo/apply.c:

execv(cmd[0], (char * const *)&(cmd[1]))

Instead of casting, I think you should use a discard_const_p.



On 21/06/17 01:12, David Mulder wrote:
>> In the patch 'libgpo: Add libgpo python bindings' you remove a return
>> case in finalize_local_nt_token. Can you explain why? Where were you
>> using it and why is this necessary?
> Oh, yes. I believe that happens inside the gp_get_machine_token() call
> in py_ads_get_gpo_list(). This call always fails for a computer object
> that's a DC. I'm not certain why, but I can look into that more.
>> On the whole, it looks much improved. But there needs to be some more
>> comments (either in the code or the commit message) on what you're
>> actually doing. For instance, I notice that you've introduced GPO
>> unapply and it uses an xml log file. How is this file actually formatted
>> and used? Similarly, in applying krb5 settings, which settings does it
>> alter and how does it alter them? There needs to be some more high level
>> documentation, both for other developers and for users.
>> docs-xml/smbdotconf/domain/gpoupdatecommand.xml probably needs an
>> extensive list of what is and is not being applied for example because
>> it's not obvious at a glance.
> I'll add some better documentation in gpoupdatecommand.xml.
> I suppose the best place to document the new xml unapply log would be in
> comments.
> I'll add more comments in general to make all of it more clear.

More information about the samba-technical mailing list