X-Recipient: archive-cygwin AT delorie DOT com
DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:date:from:to:subject:message-id:reply-to
	:references:mime-version:content-type:in-reply-to; q=dns; s=
	default; b=p6AKk+WlF1iOWq650AD/1yzhdXHqKSVuaWY06JrQvYNSkPlPMKcux
	jfIWHtxIuEOUkfkXHzOfnfpkEP2HetvwE4vlb3WgDViTukNczkxPC2lTrvTym5sa
	mkt9xw8UTmWgaFNtwklvJA9Ll1CwFZufwsfiXtggM+Atti5aWvqPRw=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:date:from:to:subject:message-id:reply-to
	:references:mime-version:content-type:in-reply-to; s=default;
	 bh=/IGEQRnpfmDQjQE3cKmWlGFOZ5M=; b=JX8Qif2nehDdBBmR3e9vWAA9zUcP
	GbAFRdbx0sI9gJCUmQtPmb4xFKJbDoyacUwpjc3SopoxioDrwXs6NdIc9Fz87BQj
	fMf5IqapzjkNMoudHzlbAnkYTQ1YOay3429Xl37XHZdrnvocFd6Yjl+8ggA0+5nd
	XNyRGMGVgipp73Q=
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Authentication-Results: sourceware.org; auth=none
X-Virus-Found: No
X-Spam-SWARE-Status: No, score=-5.9 required=5.0 tests=AWL,BAYES_00 autolearn=ham version=3.3.2
X-HELO: calimero.vinschen.de
Date: Wed, 26 Nov 2014 22:12:51 +0100
From: Corinna Vinschen <corinna-cygwin AT cygwin DOT com>
To: cygwin AT cygwin DOT com
Subject: Cygwin AD schema and configuration extensions (was Re: RFC: 1.7.33 problem with user's home directory)
Message-ID: <20141126211251.GB9157@calimero.vinschen.de>
Reply-To: cygwin AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
References: <20141110205216 DOT GJ2782 AT calimero DOT vinschen DOT de> <0B8D23F7-0258-472D-BF38-860402FD3CDC AT etr-usa DOT com> <20141111101821 DOT GO2782 AT calimero DOT vinschen DOT de> <loom DOT 20141111T112847-576 AT post DOT gmane DOT org> <20141111111437 DOT GB28012 AT calimero DOT vinschen DOT de> <20141126205658 DOT GA9157 AT calimero DOT vinschen DOT de>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;	protocol="application/pgp-signature"; boundary="9zSXsLTf0vkW971A"
Content-Disposition: inline
In-Reply-To: <20141126205658.GA9157@calimero.vinschen.de>
User-Agent: Mutt/1.5.23 (2014-03-12)

--9zSXsLTf0vkW971A
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Nov 26 21:56, Corinna Vinschen wrote:
> > Cygwin schema extension? :)
>=20
> I just created a patch and a matching snapshot on
> https://cygwin.com/snapshots/

Ok, so we have a cygwin schema extension now.  The file is called
cygwin.ldif and is in the Cygwin CVS repo.  It gets installed to
/usr/share/cygwin.  The schema extension consists of two auxiliary
classes:

  CN=3DcygwinUser, gets attached to CN=3DUser and adds the attributes:

    cygwinHome
    cygwinShell
    cygwinGecos

  as well as the as of yet unused

    cygwinUnixUid
    cywinFstab

  CN=3DcygwinGroup, gets attached to CN=3DGroup and adds the attribute:

    cygwinUinxGid

The cygwinHome, cygwinShell and cygwinGecos attributes are described
in my previous mail.

cygwinUnixUid and cygwinUinxGid are supposed to be used for NFS and
Samba uid/gid account mapping, same as the posixAccount:uidNumber,
and posixGroup:gidNumber fields.  See
https://cygwin.com/preliminary-ug/ntsec.html#ntsec-mapping-nfs
https://cygwin.com/preliminary-ug/ntsec.html#ntsec-mapping-samba

cygwinFstab, a multi-string attribute, is supposed to be used as
user fstab, along the lines, but replacing the /etc/fstab.d/$USER
file.  This way an administrator can predefine per-user mount points.

In the long run I'm also planning to allow replacing /etc/fstab and
/etc/nsswitch.conf with a Cygwin-specific AD configuration extension.

The idea of this, including the cygwinFstab attribute, is to allow
admins to get rid of any local system setting, to control the Cygwin
system settings entirely from AD, and to drop the requirement for
/etc being always alongside of Cygwin's /bin dir.

Do you think this makes sense?  Would you actually use these AD
extensions, or do you see your admins using them if available?


Corinna

--=20
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat

--9zSXsLTf0vkW971A
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJUdkJTAAoJEPU2Bp2uRE+gMCQP/RtzjVRvhJihf9cC+MpRqFCe
SMNmuQcFwY/yV96wuvRrLbNigJBeOaFdjecJD/kDg5M2GXPtb14H2n5taJ7RwsV3
jIZmKBZv/j7Pj2y1MjgE6X+okozPZ6PF/+YFvCO6B54+eTA00PKI3Z7cmHql2Eqp
ynInvNMCahEdVBtskXdSh2F7dnta11HyiYk+xsQtBpxnhPKU3X4QWn2WAic9Wvpj
BkftnXFcTH5H3oPm+cj/76NpPAkHxPQDnD/p0TRheWSI5ZDpfkWEryAvXTGrotAS
PmgbxJkpcFljMYwcnsJip/iYCFVOupoBXtx/dpL88dwDQxnAYUebkweIolquYPnI
N8SNHYJK9hO4cIFbHYIDCeB+CWc2V2PFb3X8Y+YzLeoJgLfQBgOGm2KtMwF+hV17
KMQ59zbGhks0mOJavj637fHc5nY9prsk0r/k4rgIr65axhDGMKr9LGQntz4IJ1vL
T5b3L0o3Wg0sZHsD544wwh1T25o68jKaY5Nurzcqa+wo+KhrGYjiWSd0tnu+tJmM
BGhPRmU+vpF77S6nZTur4voQi2uk5tl2sMwT5hFb80a0t5pZw3w9ren7XeoFI3lv
eLmE75elXAX70hgJUKIhpUkBtMBo2nYhDvdS9jbN/SHZOgB1t2f1C6MqS8VztJTg
J8ZBtgHPW0pFYWpqrZYZ
=Tkm2
-----END PGP SIGNATURE-----

--9zSXsLTf0vkW971A--