[PATCH] Add Unix attributes to a user or group in AD

Michael Adam obnox at samba.org
Fri Nov 20 09:37:38 UTC 2015 

On 2015-11-20 at 09:27 +0000, Rowland Penny wrote:
> On 20/11/15 08:13, Michael Adam wrote:
> >On 2015-11-16 at 19:14 +0000, Rowland Penny wrote:
> >>On 16/11/15 14:34, Michael Adam wrote:
> >>>Rowland,
> >>>
> >>>I lost track of the most up-to-date patches.
> >>>(Scattered over several mail threads, I think.)
> >>>Could you please re-send the latest, complete
> >>>patchset for this?
> >>>
> >>>Thanks a lot!
> >>>
> >>>Michael
> >>>
> >>>
> >>OK, here are the patches as requested by Michael Adam:
> >Thanks for updating the patches!
> >
> >I'd really like someone who is more into our python/samba-tool
> >code to review. Generally the patches look pretty good to me.
> >Just two comments right now:
> >
> >- I still don't quite understand, why you taken an all-or-nothing
> >   approach instead of possibly selectively setting unix
> >   attributes. And allowing for modification / addition of attribs
> >   on objects that already have a nis attribute. It does not
> >   seem natural to me.
> 
> I am only doing what happens when you add rfc2307 attributes with ADUC,

What is ADUC ?

> this is also the way samba-tool works when you create a user
> with rfc2307 attributes i.e.

Yeah, creation is OK.
But i don't see a reason to separate full adding and modifying.
I think the most useful tool would be one that can set individual
attributes.

I'd like to hear more opinions. I just thing that we should not
restrict ourselves unnecessarily. This is our tool and we can
define how it works. :-)

> samba-tool user add User5 passw5rd --nis-domain=samdom
> --unix-home=/home/User5
> --uid-number=10005 --login-shell=/bin/false --gid-number=10000
> 
> I entirely agree that samba-tool needs something to add/mod attributes, but
> this will need to be another patch.

Not sure. One tool for that would be sufficient imho.

> >- In the first patch, this part seems slightly inconsistent:
> >
> >>+        if len(res) == 0:
> >>+            raise Exception('Unable to find object "%s"' %
> >>+                            search_filter)
> >>+        assert(len(res) == 1)
> >Why once an exception and then assert?
> >I could imagine s/th like:
> >if len(res) > 1:
> >   raise Exception('More than one obj found...")
> 
> Yes the patch could be better, still learning python :-)

So am I. :-)

> Will come up with a new patch

Thanks!

Cheers - Michael



-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20151120/6603c074/signature.sig>

More information about the samba-technical mailing list