[Samba] User management scripts in AD mode...

Rowland Penny rpenny at samba.org
Wed Jun 21 17:15:00 UTC 2017 

On Wed, 21 Jun 2017 18:52:59 +0200
Marco Gaiarin via samba <samba at lists.samba.org> wrote:

> 
> I'm testing the upgrade of some domains from NT mode (LDAP backend)
> to AD mode.
> 
> 
> In NT mode i was (ab)used to the smbldap-tools to user management, and
> i've also extended a bit to manage, eg, email aliases and forwarding.
> 
> Now, in AD mode, i can relay only to samba-tool, and seems to me that
> something misses. Apart the 'reset password' in other thread, for
> example:
> 
> a) i've not found a way to modify a user: i can create and delete, but
>  not modify it (as smbldap-usermodify do).

smbldap-tools wasn't a Samba tool, but samba-tool is and there are
several gaps in what it can do. So you need to do what the writers of
smbldap-tools did, write your own scripts.

> 
> b) group management seems to me only ''group centric'', eg i can
> manage membership in group, but not in users; eg, i can modify
> members of a group, but not modify groups of a user (as
> smbldap-usermodify do).

Not sure what you are getting at here, if you add a user to a group in
AD, you not only get a record in the group object, you also get a
record in the users object

dn: CN=Unixgroup,CN=Users,DC=samdom,DC=example,DC=com
.....
member: CN=Rowland Penny,CN=Users,DC=samdom,DC=example,DC=com

dn: CN=Rowland Penny,CN=Users,DC=samdom,DC=example,DC=com
.....
memberOf: CN=Unixgroup,CN=Users,DC=samdom,DC=example,DC=com

So you don't have to modify the user at all, again samba-tool can do
things like this for you, see 'samba-tool group --help'

> 
> I'm simply ''confused'' by that, i'm asking only some feedback.
> I'm looking at Samba4 and AD domains only by some weeks, so probably
> there's good reason to do so, and i don't see them...
> 
> 
> 
> But i'm also ask a more generic question: smbldap-tools was perl code,
> modular and was very easy to reuse most of the code to make some
> ''extensions''.
> 
> I want to create some ''samba-user'' addon script, there's some code
> documentation/walkthrou/examples... i can read on?
> 
> All the (modules) code is here, right?
> 	https://github.com/samba-team/samba/tree/master/python/samba/netcmd
> 
> 
> Thanks.
> 

Yes that is the python code for most of 'samba-tool'

Rowland

More information about the samba mailing list