g@/SSKrSSKJr SSKJr SSKJr SSKJ r SSK J r J r J r Jr "SS\ 5r"SS \ 5r"S S \ 5r"S S \ 5r"SS\ 5r"SS\ 5r"SS\ 5rg)N) bitFields)system_session)SamDB)Command CommandError SuperCommandOptionc \rSrSrSrSr\R\R\RS.r \ "SS\ S9\ "SS S \ S S S 9/r S/rSSjrSrg)cmd_schema_attribute_modify a4Modify attribute settings in the schema partition. This commands allows minor modifications to attributes in the schema. Active Directory does not allow many changes to schema, but important modifications are related to indexing. This command overwrites the value of searchflags, so be sure to view the current content before making changes. Example1: samba-tool schema attribute modify uid \ --searchflags="fATTINDEX,fPRESERVEONDELETE" This alters the uid attribute to be indexed and to be preserved when converted to a tombstone. Important search flag values are: fATTINDEX: create an equality index for this attribute. fPDNTATTINDEX: create a container index for this attribute (ie OU). fANR: specify that this attribute is a member of the ambiguous name resolution set. fPRESERVEONDELETE: indicate that the value of this attribute should be preserved when the object is converted to a tombstone (deleted). fCOPY: hint to clients that this attribute should be copied. fTUPLEINDEX: create a tuple index for this attribute. This is used in substring queries. fSUBTREEATTINDEX: create a browsing index for this attribute. VLV searches require this. fCONFIDENTIAL: indicate that the attribute is confidential and requires special access checks. fNEVERVALUEAUDIT: indicate that changes to this value should NOT be audited. fRODCFILTEREDATTRIBUTE: indicate that this value should not be replicated to RODCs. fEXTENDEDLINKTRACKING: indicate to the DC to perform extra link tracking. fBASEONLY: indicate that this attribute should only be displayed when the search scope of the query is SCOPE_BASE or a single object result. fPARTITIONSECRET: indicate that this attribute is a partition secret and requires special access checks. The authoritative source of this information is the MS-ADTS. %prog attribute [options] sambaopts versionoptscredoptsz --searchflagszSearch Flags for the attribute)helptype-H--URL%LDB URL for database or target serverURLHrrmetavardest attributeNc,Uc [S5eSnUbSnURS5nUV s/sH oR5R5PM" nn UHCn U [SR 5;a[SU -5eS[SU - n USU --nME UR 5n URU 5n [U[5XS9nUR5nS U<SU<3n[R"5n[R"UU5UlUb2[R"[!U5[R"S 5US 'UR%U5 UR'5 UR(R+S U-5 gs sn f) Nz#A value to modify must be provided.r, searchflagsz$Unknown flag '%s', please see --helpurl session_info credentialslpzcn= searchFlagsz modified %s)rsplit capitalizeswapcaserkeys get_loadparmget_credentialsrr schema_dnldbMessageDndnMessageElementstrFLAG_MOD_REPLACEmodifyset_schema_update_nowoutfwrite)selfrrrrrrsearchflags_intflagsxflagbit_locr&credssamdbr.attr_dnms 5/usr/lib/python3/dist-packages/samba/netcmd/schema.pyruncmd_schema_attribute_modify.runYsy  DE E  "O%%c*E9>>1\\^,,.E>y7<<>>&'MPT'TUUy7=="1Q'\"B  # # %((,!.*:"'0OO% )95 KKMvveW%  &"11O$c&:&:M KAm   Q ##%  /07?s'F)NNNNN__name__ __module__ __qualname____firstlineno____doc__synopsisoptions SambaOptionsVersionOptionsCredentialsOptionstakes_optiongroupsr r4 takes_options takes_argsrE__static_attributes__rGrDr r st'P+H))--.. %ECPtW#JS 2M J>B*.)1rWr c \rSrSrSrSr\R\R\RS.r \ "SSS\ SS S 9/r S /rSS jrSrg )cmd_schema_attribute_showzShow details about an attribute from the schema. Schema attribute definitions define and control the behaviour of directory attributes on objects. This displays the details of a single attribute. r rrrrrrrrNcUR5nURU5n[U[5XvS9nUR 5n SR U5n UR U [RU S9n [U 5S:Xa[SU-5e[U 5S:a[SU-5eSU SR5;aSn [[U SS55n /n [S R5H/nU SS [S U- --S:wdMU R!U5 M1 [U 5S:a8U SR#[R$"U [R&S 55 UR)U S[R*5nUR,R/U5 g![a [S U SS-5ef=f) Nr"zJ(&(objectClass=attributeSchema)(|(lDAPDisplayName={0})(cn={0})(name={0})))basescope expressionrzNo schema objects matched "%s"r!zPMultiple schema objects matched "%s": this is a serious issue you should report!r'zJInvalid schemaFlags value "%s": this is a serious issue you should report!rr searchFlagsDecoded)r,r-rrr.formatsearchr/ SCOPE_SUBTREElenrr+intr4 ValueErrorrappendaddr3 FLAG_MOD_ADD write_ldifCHANGETYPE_NONEr8r9)r:rrrrrr&r@rAr.filtresflags_ioutr> user_ldifs rDrEcmd_schema_attribute_show.runs  # # %((,!.*:"'0OO% [bbclmll 1B1B&*, s8q=?)KL L s8a<qt}}~ ~& CFKKM )G Ic#a&"789C!-0557aB=)A$)G$GHIQNJJt$83x!|A 3--c33C3CEYZ[$$SVS-@-@A   " I"#oruvwrxzGsH$HII Is F55GrGNNNNrHrGrWrDrYrYs` +H))--.. tW#JS 2M J4#rWrYc \rSrSrSrSr\R\R\RS.r \ "SSS\ SS S 9/r S /rSS jrSrg )cmd_schema_attribute_show_oczShow what objectclasses MAY or MUST contain an attribute. This is useful to determine "if I need uid, what objectclasses could be applied to achieve this." r rrrrrrrrNctUR5nURU5n[U[5XvS9nUR 5n SR U5n SR U5n UR U [RU S/S9n UR U [RU S/S9n URRS5 U H'nURRSUSS-5 M) URRS 5 U H'nURRSUSS-5 M) g) Nr"zE(&(objectClass=classSchema)(|(mayContain={0})(systemMayContain={0})))zG(&(objectClass=classSchema)(|(mustContain={0})(systemMustContain={0})))cn)r]r^r_attrsz--- MAY contain --- z%s rz--- MUST contain --- ) r,r-rrr.rarbr/rcr8r9)r:rrrrrr&r@rAr.may_filt must_filtmay_resmust_resmsgs rDrE cmd_schema_attribute_show_oc.runs*  # # %((,!.*:"'0OO% 99? 9J ;;A6);L ,,IS5F5F*24&B<n URU [R5n URRU 5 M@ g)Nr"zF(&(objectClass=classSchema)(|(lDAPDisplayName={0})(cn={0})(name={0})))r\) r,r-rrr.rarbr/rcrjrkr8r9)r:rrrrrr&r@rAr.rlrmr}rps rDrEcmd_schema_objectclass_show.runs  # # %((,!.*:"'0OO% ==CVK=P ll 1B1B&*,C((c.A.ABI IIOOI &rWrGrrrHrGrWrDrrs` -H))--.. tW#JS 2M  J'rWrcX\rSrSrSr0r\"5\S'\"5\S'\"5\S'Sr g)cmd_schema_attributei,z4Query and manage attributes in the schema partition.r6showshow_ocrGN) rIrJrKrLrM subcommandsr rYrtrVrGrWrDrr,s1>K79K35K9;K rWrc0\rSrSrSr0r\"5\S'Srg)cmd_schema_objectclassi4z7Query and manage objectclasses in the schema partition.rrGN)rIrJrKrLrMrrrVrGrWrDrr4sAK57KrWrcD\rSrSrSr0r\"5\S'\"5\S'Srg) cmd_schemai:zSchema querying and management.rrrGN) rIrJrKrLrMrrrrVrGrWrDrr:s$)K35K !7!9K rWr)r/ samba.getoptgetoptrOsamba.ms_schemar samba.authr samba.samdbr samba.netcmdrrrr r rYrtrrrrrGrWrDrs|& %%b1'b1JI#I#X.37.3b'''''T<<<8\8 ::rW