samba - May 2012 - AD / new auxiliary class / vb script

Hello

I've modified AD schema by adding a new auxiliary class (iscA) with an 
auxilairy attribute (iscA1).

I've followed this explanation /_*entirely*_/ : 
http://semifershome.free.fr/semifer/index.php?2008/02/12/42-etendre-le-schema-active-directory-classes-attributs-et-display-specifiers

I've named the menu item with the same name (AllowedService). By 
right-clicking on a AD user then on the menu AllowedService, the 
following script is executed and it is intended to modify iscA1 
attribute. The script is :

/set args = WScript.arguments
Set user = GetObject(args(0))

temp = InputBox("iscA1 value", "Set iscA1", user.iscA1)
user.put "iscA1", temp
user.setInfo/

My first problem : when I right-click I've the message : "this object 
does not support this property or method".
Precision : i've linked my new auxiliary class with user class.

So i've created the following script which add iscA class and iscA1 
attribute to a specific user :
/
Set user = GetObject("LDAP://cn=toto,cn=users,<my domain>")
user.GetInfo

user.PutEx 3, "objectClass", Array("iscA")
user.Put "isc1", "toto"
user.SetInfo/

After the execution of this script the right-click above run and I can 
modify the value of iscA1 attribute for user toto.
But I can't see the last value (given by /user.iscA1/) : always empty 
while in the LDAP database I can see the value is correctly set.

Two questions :

1) Why the first script fail ? Why must I execute the second script first ?

2) Why can't i see the last value of iscA1 when I run the first script ?

Thanks

-- 
Herv? H?noch
Responsable informatique
Institut Sainte Catherine
1750, chemin du Lavarin, 84000 Avignon
T?l?phone : 04.90.27.57.44
Messagerie : h.henoch at isc84.org

On 05/23/2012 06:48 AM, Herv? H?noch wrote:
> Hello
>
> I've modified AD schema by adding a new auxiliary class (iscA) with an 
> auxilairy attribute (iscA1).
>
> I've followed this explanation /_*entirely*_/ : 
>
http://semifershome.free.fr/semifer/index.php?2008/02/12/42-etendre-le-schema-active-directory-classes-attributs-et-display-specifiers
>
> I've named the menu item with the same name (AllowedService). By 
> right-clicking on a AD user then on the menu AllowedService, the 
> following script is executed and it is intended to modify iscA1 
> attribute. The script is :
>
> /set args = WScript.arguments
> Set user = GetObject(args(0))
>
> temp = InputBox("iscA1 value", "Set iscA1", user.iscA1)
> user.put "iscA1", temp
> user.setInfo/
>
> My first problem : when I right-click I've the message : "this
object
> does not support this property or method".
> Precision : i've linked my new auxiliary class with user class.
>
> So i've created the following script which add iscA class and iscA1 
> attribute to a specific user :
> /
> Set user = GetObject("LDAP://cn=toto,cn=users,<my domain>")
> user.GetInfo
>
> user.PutEx 3, "objectClass", Array("iscA")
> user.Put "isc1", "toto"
Is it a typo that you set the attribute "isc1" and not
"iscA1" ?
> user.SetInfo/
>
> After the execution of this script the right-click above run and I can 
> modify the value of iscA1 attribute for user toto.
> But I can't see the last value (given by /user.iscA1/) : always empty 
> while in the LDAP database I can see the value is correctly set.
>
> Two questions :
>
> 1) Why the first script fail ? Why must I execute the second script 
> first ?
>
> 2) Why can't i see the last value of iscA1 when I run the first script
?
As you are using auxiliarly class this should work, can we check a few 
things:

1) What is the ouput of ldbsearch -H ldap://dc_ip --cross-ncs 
'(ldapdisplayname=iscA)'
2) What is the output of ldbsearch -H ldap://dc_ip --cross-ncs 
'(auxiliaryClass=iscA)'

We might have a bug in the way the auxiliary class is registered to its 
parent class.

Could you make a test with you script to set the unixHomeDirectory, it's 
also linked the user objectclass with the posixaccount auxiliary class.

Would be good to trace also the whole stuff, see
https://wiki.samba.org/index.php/Capture_Packets
https://wiki.samba.org/index.php/Keytab_Extraction

In how to make capture and extract keytab in order to be able to decrypt 
encrypted traffic.


Matthieu

-- 
Matthieu Patou
Samba Team
http://samba.org