[PATCH] samba-tool schema attribute query_oc

Andrew Bartlett abartlet at samba.org
Fri May 18 06:39:06 UTC 2018

On Fri, 2018-05-18 at 16:32 +1000, William Brown wrote:
> > 
> > > > Also, on the show command, do the reverse mapping back to the
> > > > string
> > > > flags.
> > > 
> > > That's quite a bit more invasive, but can be done.
> > 
> > Most mortals don't do hex bitmasks in their heads nearly as well as a
> > computer can :-)
> > 
> > For both get and set, unknown flags can still be represented in hex,
> > but I don't fancy the support enquiries about flags our tools support
> > but our server ignores. 
> > 
> Hey mate,
> I've decided not to do this. I think it's extremely complicated, and
> can not be done cleanly.
> This stems from two issues.
> First we could make the change in write_ldif, but then we need a way in
> reading an ldif to transform these flags back into an int. Not nice,
> and also really hacking in write_ldif.
> We could parse each msg element, and print them all, but then we are
> basically re-writing write-ldif but in python as we need to understand
> all the binary decode cases so we can do ndr_unpack etc. Again, a huge
> amount of effort, and really not nice.

You can just push a string value or set of string values back into the
ldb message and then print it.  It isn't read-only.

> Another other solution is "use write_ldif and then string manipulate
> the output". This is the cleanest solution, and that says something
> given how absolutely hacky it is. Either we'd replace the values in the
> string output, or add "another attribute" like searchFlagsDecoded: and
> put the values in that. But this is just as horrible.
> The last option (which I think is actually the best) is a patch to LDB
> to support generating these flags to the actual object itself so you
> can just see them with plain ldapsearch. Then we don't need special
> handling in the cli at all, and any ldap viewer will see these flags.
> But that's also the most controversial change too :) 

We do that for plenty of other attributes.  See lib/ldb-

> Today, having something to show schema is already 100x better than we
> were a month ago. Even if it's not perfect doing the decode, it's still
> a huge jump. So that's why I'm not going to implement this (today). I'm
> happy to leave it in my mind and come back to it when we have a proper,
> clean way to do this. 
> > > > 
> > > > Finally, you seem to be looking for ldb.get_schema_basedn() with
> > > > your
> > > > patch to samdb.py.
> > > 
> > > Ahhhhhh okay. I'll check this and update soon. 
> > > 
> Fixed,
> Updated patches attached.

Before I look at these again, can you push them to some kind of CI,
either github or gitlab?


Andrew Bartlett

Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba

More information about the samba-technical mailing list