[PATCH] samba-tool schema attribute query_oc

William Brown william at blackhats.net.au
Wed May 16 09:14:43 UTC 2018 

On Mon, 2018-05-14 at 20:31 +1200, Andrew Bartlett via samba-technical
wrote:
> On Mon, 2018-05-14 at 15:18 +1000, William Brown wrote:
> > On Mon, 2018-05-14 at 16:14 +1200, Andrew Bartlett wrote:
> > > On Mon, 2018-05-14 at 14:03 +1000, William Brown via samba-
> > > technical
> > > wrote:
> > > > 
> > > > Thanks mate! I've done exactly this. The changes are in 0005-
> > > > python-
> > > > samba-netcmd-schema.py-add-schema-query-and-m.patch
> > > > 
> > > > You'll also note I've updated the test cases to check for
> > > > invalid
> > > > flags, wrong capitialisation, the --help is updated, and two
> > > > extra
> > > > flags are added to ms_schema. 
> > > > 
> > > > Once again, the 6 patches attached (sorry, I forgot the trick
> > > > you
> > > > showed me to get these into a single file)
> > > 
> > > --stdout.
> > > 
> > > The other thing I requested previously is to trim the list down
> > > to
> > > (or
> > > at the very least mark) those flags we in Samba actually
> > > honour.  For
> > > example, we always do a one-level index, so that flag is never
> > > used.
> > > 
> > 
> > Which flag is this specifically? Really we need all the flags there
> > because if we get the schema from an MSADDC we'll need to know how
> > to
> > translate it ... 
> 
> I'm concerned that having a tool that sets options that Samba just
> doesn't honour would be misleading.  We should make clear which
> options
> we don't support.  

Yes, but a windows DC in a domain/forest might support them ... 

Better so just document they don't do anything but leave them defined
because they may be in schema and need display. 

> 
> > > Also, on the show command, do the reverse mapping back to the
> > > string
> > > flags.
> > 
> > That's quite a bit more invasive, but can be done.
> 
> Most mortals don't do hex bitmasks in their heads nearly as well as a
> computer can :-)

WHAT! This is crazy talk, I thought everyone could just read hex at
birth :) (joking) 

It's more that I want the patchesto be "finished" I don't like adding
more and more to them. But I can also see that "doing it right" is your
intent here, so I'm happy to do this. 

> 
> For both get and set, unknown flags can still be represented in hex,
> but I don't fancy the support enquiries about flags our tools support
> but our server ignores. 
> 
> > > 
> > > Finally, you seem to be looking for ldb.get_schema_basedn() with
> > > your
> > > patch to samdb.py.
> > 
> > Ahhhhhh okay. I'll check this and update soon. 
> > 
> 
> Thanks,
> 
> Andrew Bartlett
>

More information about the samba-technical mailing list