[Samba] samba-tool user add - weird resulting

Rowland Penny rpenny at samba.org
Thu Aug 15 15:58:09 UTC 2024


On Thu, 15 Aug 2024 17:44:08 +0200
Franta Hanzlik via samba <samba at lists.samba.org> wrote:

> Dne 2024.08.15 17:01, Rowland Penny via samba napsal:
> > On Thu, 15 Aug 2024 16:33:57 +0200
> > Franta Hanzlik via samba <samba at lists.samba.org> wrote:
> > 
> >> Dne 2024.08.14 12:06, Rowland Penny via samba napsal:
> >> > On Wed, 14 Aug 2024 11:05:23 +0200
> >> > Franta Hanzlik via samba <samba at lists.samba.org> wrote:
> >> >
> >> >> Rowland, thank you for response.
> >> >> But I still think there's nothing stopping Samba from being
> >> >> better than Windows at this, and introducing some switches like
> >> >>   --displayname
> >> >>   --commonname
> >> >>   --name
> >> >>   --exclude-initials-in-dn
> >> >> or something similar.
> >> >>
> >> >> After all, what are the various attributes displayName/cn/name
> >> >> for, if they cannot be entered when creating a user.
> >> >>
> >> >
> >> > OK, the 'commonname' or 'cn' is also part of the users 'dn' or
> >> > RDN and the 'name' must also be the same as the 'cn'. You can use
> >> > whatever you like for the 'username' when creating a user, but
> >> > whatever is used will also populate the 'cn', 'name',
> >> > 'sAMAccountName' and 'distinguishedName' attributes.
> >> >
> >> > You can also use the '--use-username-as-cn' to force the use of
> >> > the username for the 'cn' (and hence the other attributes).
> >> >
> >> > There is nothing stopping you writing your own script around
> >> > 'samba-tool user add' to first create the user (using samba-tool)
> >> > and then modify it to your purposes, though I struggle to
> >> > understand why you would want to.
> >> >
> >> > Rowland
> > 
> > First, what email client are you using ? When I try reply to your
> > posts, whatever you posted isn't in the reply, I have to copy into
> > place.
> 
> I normally use Claws Mail, but yesterday and today I am writing from
> RoundCube webmail. I've checked its message creation settings, but it
> seems OK. And when I send an email to myself, it seems to be fine too,
> and writing a reply also…

Hmm strange, I use claws mail, but this email seems to be rendering
correctly, must be one of those glitches.

> 
> >> The problem is the initials.
> >> If I understand their meaning and role correctly, initials are the
> >> first letters of the full user's name (first, middle, last
> >> name,..) - and what is important, they are/should be a separate
> >> element, not part of other forms of the name.
> >> 
> >> Just like is the 'United States' and is its abbreviation 'US', but
> >> the term 'United US States' is nonsense.
> >> Or, for example, my name is 'Franta Hanzlik', I have the initials
> >> 'FH', but the expression 'Franta FH Hanzlik' is nonsense.
> >> 
> >> And this is how entering initials using 'samba-tool user add' /
> >> 'samba-tool user rename' behaves badly: when I enter them in user
> >> add, they are stuffed into DN, displayName, name,
> >> distinguishedName, commonName - although I don't want them there
> >> and IMO they have nothing there do.
> > 
> >> And if I don't specify the initials in user add, then DN, cn,
> >> displayName, name, distinguishedName are as I want them (but the
> >> initials attribute is missing, of course).
> >> And when I add it then, using 'user rename', those initials are
> >> stuffed into and change DN, cn, displayName, name,
> >> distinguishedName.
> >> 
> >> This is wrong and no wrapper around 'samba-tool user {add,rename}'
> >> it won't do!
> > 
> > This must be a cultural thing, because the initial attribute to me
> > would contain the users initials for their middle name. Take my full
> > name 'Rowland Edward Penny', I would expect the initials attribute
> > to contain 'E.', which would make sense 'Rowland E. Penny'.
> > 
> > Also when I said write a script, I meant a script that would create
> > the user using samba-tool (without setting the users initials) and
> > then use ldbmodify to add the initials attribute.
> > 
> > Rowland
> 
> Ah, that's how it is.
> So I won't use initials, I can't use this behavior.
> But anyway - the fact that adding initials changes the DN and 
> distinguishedName
> is bad in my opinion - or at least it should be optional.

As I said, Samba emulates a Microsoft AD DC and that is how a Microsoft
AD DC works.
 
> Meanwhile, using the subsequent samba-tool user rename, I set the 
> displayName,
> and the rest will occur using ldbmodify (if I can overcome natural
> laziness ;)

I would just create the user without the initials, then you can use
anything to add the initials attribute, this should not affect any
other user attribute.

Rowland



More information about the samba mailing list