[Samba] samba-tool modifying AD
Andrew Bartlett
abartlet at samba.org
Sat Aug 27 03:26:21 UTC 2016
On Fri, 2016-08-26 at 22:06 +0100, Rowland Penny via samba wrote:
> On Sat, 27 Aug 2016 08:33:02 +1200
> Andrew Bartlett <abartlet at samba.org> wrote:
>
> >
> > On Mon, 2016-08-22 at 09:21 +0100, Rowland Penny via samba wrote:
> > >
> > > On Mon, 22 Aug 2016 13:38:06 +1200
> > > Andrew Bartlett via samba <samba at lists.samba.org> wrote:
> > >
> > > >
> > > >
> > > > On Sat, 2016-08-20 at 18:29 -0700, David Bear via samba wrote:
> > > > >
> > > > >
> > > > > Is it possible to use the samba-tool to create/update user
> > > > > accounts
> > > > > in a
> > > > > standard windows AD domain ?
> > > >
> > > > Yes.
> > > >
> > > > Andrew Bartlett
> > > >
> > >
> > > Well, yes, you can create new users with samba-tool, but update
> > > them, that would be a very big NO
> >
> > Rowland,
> >
> > What breaks specifically for you? The tools are expected to manage
> > a
> > Windows server in the same way as a Samba one, for operations
> > performed over LDAP. If there is a difference in the behaviour, we
> > should be logging a bug and testing for that.
> >
> > Given your comments presumably you have hit such an issue?
> >
> > Thanks,
> >
> > Andrew Bartlett
> >
>
> Andrew, you know that whilst you can create a user with samba-tool,
> even adding the RFC2307 attributes whilst creating the user, you
> cannot
> add the RFC2307 atrributes to a user created on ADUC with samba-tool,
> you also cannot change individual attributes with samba-tool.
Correct, for general-purpose modifications, see ldbmodify/ldbedit.
However the enable/disable/setpassword/setexpiry should work, with
appropriate permissions. That is all I meant.
> You also know that I proposed patches to allow samba-tool to add the
> RFC2307 attributes and they came to nothing.
Correct, we couldn't take your patches to use msSFU30MaxUidNumber
because they were not multi-master safe.
> I even told you that Windows 10 doesn't have IDMU, so there is no way
> to add RFC2307 attributes from win10, apart from attribute by
> attibute.
I'm a little lost as to where rfc2307 attributes came into this.
I hope this clarifies things,
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
More information about the samba
mailing list