[PATCH] samba-tool schema attribute query_oc

William Brown william at blackhats.net.au
Fri May 18 06:45:42 UTC 2018


On Fri, 2018-05-18 at 18:39 +1200, Andrew Bartlett wrote:
> On Fri, 2018-05-18 at 16:32 +1000, William Brown wrote:
> > > 
> > > > > Also, on the show command, do the reverse mapping back to the
> > > > > string flags.
> > > > 
> > > > That's quite a bit more invasive, but can be done.
> > > 
> > > Most mortals don't do hex bitmasks in their heads nearly as well
> > > as a computer can :-)
> > > 
> > > For both get and set, unknown flags can still be represented in
> > > hex, but I don't fancy the support enquiries about flags our tools
> > > support but our server ignores.
> > > 
> > 
> > Hey mate,
> > 
> > I've decided not to do this. I think it's extremely complicated,
> > and cannot be done cleanly.
> > 
> > This stems from two issues.
> > 
> > First we could make the change in write_ldif, but then we need a
> > way in reading an ldif to transform these flags back into an int.
> > Not nice, and also really hacking in write_ldif.
> > 
> > We could parse each msg element, and print them all, but then we
> > are basically re-writing write-ldif but in python as we need to
> > understand all the binary decode cases so we can do ndr_unpack etc.
> > Again, a huge amount of effort, and really not nice.
> 
> You can just push a string value or set of string values back into
> the ldb message and then print it.  It isn't read-only.

So get the flags, change them, then push to write_ldif? This seems too
easy ;) 

> 
> > Another solution is "use write_ldif and then string manipulate
> > the output". This is the cleanest solution, and that says something
> > given how absolutely hacky it is. Either we'd replace the values in
> > the string output, or add "another attribute" like
> > searchFlagsDecoded: and put the values in that. But this is just as
> > horrible.
> > 
> > The last option (which I think is actually the best) is a patch to
> > LDB to support generating these flags to the actual object itself
> > so you can just see them with plain ldapsearch. Then we don't need
> > special handling in the cli at all, and any ldap viewer will see
> > these flags. But that's also the most controversial change too :) 
> 
> We do that for plenty of other attributes.  See
> lib/ldb-samba/ldif_handlers.c

Yes, but we'd be adding an attr that's "not in schema" technically. I
think your solution above is better. 

> 
> > Today, having something to show schema is already 100x better than
> > we were a month ago. Even if it's not perfect doing the decode,
> > it's still a huge jump. So that's why I'm not going to implement
> > this (today). I'm happy to leave it in my mind and come back to it
> > when we have a proper, clean way to do this. 
> > 
> > > > > 
> > > > > Finally, you seem to be looking for ldb.get_schema_basedn()
> > > > > with your patch to samdb.py.
> > > > 
> > > > Ahhhhhh okay. I'll check this and update soon. 
> > > > 
> > 
> > Fixed,
> > 
> > Updated patches attached.
> 
> Before I look at these again, can you push them to some kind of CI,
> either github or gitlab?

Sure, will do. I've been careful to run make test with these, but CI is
good too :) 

> 
> Thanks,
> 
> Andrew Bartlett
> 
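
The mapping discussed in this thread (integer searchFlags shown as string flags, leftover bits kept in hex, and the reverse for set), as an added example that is not code from the posted patches or from Samba. The function names are hypothetical, the bit names are a subset of the searchFlags bits defined in MS-ADTS, and a plain dict stands in for the ldb message.

```python
# Added example: bit names are the searchFlags bits from MS-ADTS (subset).
SEARCH_FLAGS = {
    0x001: "fATTINDEX",
    0x002: "fPDNTATTINDEX",
    0x004: "fANR",
    0x008: "fPRESERVEONDELETE",
    0x010: "fCOPY",
    0x020: "fTUPLEINDEX",
    0x040: "fSUBTREEATTINDEX",
    0x080: "fCONFIDENTIAL",
    0x100: "fNEVERVALUEAUDIT",
    0x200: "fRODCFilteredAttribute",
}
KNOWN_MASK = sum(SEARCH_FLAGS)  # OR of every bit in the table

def decode_search_flags(value):
    """Integer (int, str or bytes) -> flag names; other bits become one hex token."""
    if isinstance(value, bytes):
        value = value.decode()
    n = int(str(value), 0) & 0xFFFFFFFF  # treat the value as 32 bits wide
    names = [name for bit, name in sorted(SEARCH_FLAGS.items()) if n & bit]
    if n & ~KNOWN_MASK:
        names.append(hex(n & ~KNOWN_MASK))
    return names

def encode_search_flags(tokens):
    """Flag names and/or hex/decimal tokens -> integer; bad names raise ValueError."""
    by_name = {name.lower(): bit for bit, name in SEARCH_FLAGS.items()}
    n = 0
    for tok in tokens:
        tok = tok.strip()
        n |= by_name[tok.lower()] if tok.lower() in by_name else int(tok, 0)
    return n

def show_entry(entry):
    """Copy of an entry with searchFlags rewritten as names, ready to print."""
    out = {attr: list(vals) for attr, vals in entry.items()}
    if out.get("searchFlags"):
        out["searchFlags"] = decode_search_flags(out["searchFlags"][0]) or ["0"]
    return out

# Constructed sample entry (hypothetical attribute, not from the thread).
SAMPLE = {"cn": ["example-attr"], "searchFlags": ["129"]}

if __name__ == "__main__":
    for attr, vals in show_entry(SAMPLE).items():
        for v in vals:
            print(f"{attr}: {v}")
```

Because bits outside the table survive as a hex token, decoding and re-encoding a value is lossless, and a flag name the tool does not know is rejected rather than silently dropped.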


