From c349eae90578cc14177875d002262461341d5c84 Mon Sep 17 00:00:00 2001 From: myback Date: Tue, 6 Feb 2024 18:49:09 +0700 Subject: [PATCH 1/3] sambacc: add organizational unit (OU) support for ad dc configuration It is possible to specify a group and a user who belongs to a specific organizational group. See file examples/addc_ou.json. Signed-off-by: myback --- examples/addc_ou.json | 139 +++++++++++++++++++++++++++++ sambacc/addc.py | 29 +++++- sambacc/commands/addc.py | 6 +- sambacc/config.py | 19 ++++ sambacc/schema/conf-v0.schema.json | 46 ++++++++-- sambacc/schema/conf-v0.schema.yaml | 30 +++++++ sambacc/schema/conf_v0_schema.py | 55 ++++++++++-- 7 files changed, 305 insertions(+), 19 deletions(-) create mode 100644 examples/addc_ou.json diff --git a/examples/addc_ou.json b/examples/addc_ou.json new file mode 100644 index 0000000..a15345d --- /dev/null +++ b/examples/addc_ou.json @@ -0,0 +1,139 @@ +{ + "samba-container-config": "v0", + "configs": { + "demo": { + "instance_features": ["addc"], + "domain_settings": "sink", + "instance_name": "dc1" + } + }, + "domain_settings": { + "sink": { + "realm": "DOMAIN1.SINK.TEST", + "short_domain": "DOMAIN1", + "admin_password": "Passw0rd" + } + }, + "organizational_units": { + "sink": [ + {"name": "employees"} + ] + }, + "domain_groups": { + "sink": [ + {"name": "supervisors"}, + { + "name": "employees", + "ou": "employees" + }, + {"name": "characters"}, + {"name": "bulk"} + ] + }, + "domain_users": { + "sink": [ + { + "name": "bwayne", + "password": "1115Rose.", + "given_name": "Bruce", + "surname": "Wayne", + "member_of": ["supervisors", "characters", "employees"], + "ou": "employees" + }, + { + "name": "ckent", + "password": "1115Rose.", + "given_name": "Clark", + "surname": "Kent", + "member_of": ["characters", "employees"], + "ou": "employees" + }, + { + "name": "bbanner", + "password": "1115Rose.", + "given_name": "Bruce", + "surname": "Banner", + "member_of": ["characters", "employees"], + "ou": "employees" + }, + { + "name": "pparker", + "password": "1115Rose.", + "given_name": "Peter", + "surname": "Parker", + "member_of": ["characters", "employees"], + "ou": "employees" + }, + { + "name": "user0", + "password": "1115Rose.", + "given_name": "George0", + "surname": "Hue-Sir", + "member_of": ["bulk"] + }, + { + "name": "user1", + "password": "1115Rose.", + "given_name": "George1", + "surname": "Hue-Sir", + "member_of": ["bulk"] + }, + { + "name": "user2", + "password": "1115Rose.", + "given_name": "George2", + "surname": "Hue-Sir", + "member_of": ["bulk"] + }, + { + "name": "user3", + "password": "1115Rose.", + "given_name": "George3", + "surname": "Hue-Sir", + "member_of": ["bulk"] + }, + { + "name": "user4", + "password": "1115Rose.", + "given_name": "George4", + "surname": "Hue-Sir", + "member_of": ["bulk"] + }, + { + "name": "user5", + "password": "1115Rose.", + "given_name": "George5", + "surname": "Hue-Sir", + "member_of": ["bulk"] + }, + { + "name": "user6", + "password": "1115Rose.", + "given_name": "George6", + "surname": "Hue-Sir", + "member_of": ["bulk"] + }, + { + "name": "user7", + "password": "1115Rose.", + "given_name": "George7", + "surname": "Hue-Sir", + "member_of": ["bulk"] + }, + { + "name": "user8", + "password": "1115Rose.", + "given_name": "George8", + "surname": "Hue-Sir", + "member_of": ["bulk"] + }, + { + "name": "user9", + "password": "1115Rose.", + "given_name": "George9", + "surname": "Hue-Sir", + "member_of": ["bulk"] + } + ] + } +} diff --git a/sambacc/addc.py b/sambacc/addc.py index da3e2fc..853abbb 100644 --- a/sambacc/addc.py +++ b/sambacc/addc.py @@ -75,18 +75,25 @@ def create_user( password: str, surname: typing.Optional[str], given_name: typing.Optional[str], + ou: typing.Optional[str] = None, ) -> None: - cmd = _user_create_cmd(name, password, surname, given_name) + cmd = _user_create_cmd(name, password, surname, given_name, ou) _logger.info("Creating user: %r", name) subprocess.check_call(cmd) -def create_group(name: str) -> None: - cmd = _group_add_cmd(name) +def create_group(name: str, ou: typing.Optional[str] = None) -> None: + cmd = _group_add_cmd(name, ou) _logger.info("Creating group: %r", name) subprocess.check_call(cmd) +def create_ou(name: str) -> None: + cmd = _ou_add_cmd(name) + _logger.info("Creating organizational unit: %r", name) + subprocess.check_call(cmd) + + def add_group_members(group_name: str, members: list[str]) -> None: cmd = _group_add_members_cmd(group_name, members) _logger.info("Adding group members: %r", cmd) @@ -163,6 +170,7 @@ def _user_create_cmd( password: str, surname: typing.Optional[str], given_name: typing.Optional[str], + ou: typing.Optional[str], ) -> list[str]: cmd = samba_cmds.sambatool[ "user", @@ -174,15 +182,28 @@ def _user_create_cmd( cmd.append(f"--surname={surname}") if given_name: cmd.append(f"--given-name={given_name}") + if ou: + cmd.append(f"--userou=OU={ou}") return cmd -def _group_add_cmd(name: str) -> list[str]: +def _group_add_cmd(name: str, ou: typing.Optional[str]) -> list[str]: cmd = samba_cmds.sambatool[ "group", "add", name, ].argv() + if ou: + cmd.append(f"--groupou=OU={ou}") + return cmd + + +def _ou_add_cmd(name: str) -> list[str]: + cmd = samba_cmds.sambatool[ + "ou", + "add", + f"OU={name}", + ].argv() return cmd diff --git a/sambacc/commands/addc.py b/sambacc/commands/addc.py index 3602e67..283b597 100644 --- a/sambacc/commands/addc.py +++ b/sambacc/commands/addc.py @@ -155,8 +155,11 @@ def _prep_populate(ctx: Context) -> None: return _logger.info("Populating domain with default entries") + for ou in ctx.instance_config.organizational_units(): + addc.create_ou(ou.ou_name) + for dgroup in ctx.instance_config.domain_groups(): - addc.create_group(dgroup.groupname) + addc.create_group(dgroup.groupname, dgroup.ou) for duser in ctx.instance_config.domain_users(): addc.create_user( @@ -164,6 +167,7 @@ def _prep_populate(ctx: Context) -> None: password=duser.plaintext_passwd, surname=duser.surname, given_name=duser.given_name, + ou=duser.ou, ) # TODO: probably should improve this to avoid extra calls / loops for gname in duser.member_of: diff --git a/sambacc/config.py b/sambacc/config.py index 3c5c980..7642f64 100644 --- a/sambacc/config.py +++ b/sambacc/config.py @@ -337,6 +337,16 @@ def domain_groups(self) -> typing.Iterable[DomainGroupEntry]: for n, entry in enumerate(dgroups): yield DomainGroupEntry(self, entry, n) + def organizational_units(self) -> typing.Iterable[OrganizationalUnitEntry]: + if not self.with_addc: + raise ValueError("ad dc not supported by configuration") + ds_name: str = self.iconfig["domain_settings"] + o_units = self.gconfig.data.get("organizational_units", {}).get( + ds_name, [] + ) + for n, entry in enumerate(o_units): + yield OrganizationalUnitEntry(self, entry, n) + def __eq__(self, other: typing.Any) -> bool: if isinstance(other, InstanceConfig) and self.iconfig == other.iconfig: self_shares = _shares_data(self.gconfig, self.iconfig) @@ -476,6 +486,7 @@ def __init__(self, iconf: InstanceConfig, grec: dict, num: int): self.groupname = grec["name"] self.entry_num = num self._gid = grec.get("gid") + self.ou = grec.get("ou") if self._gid is not None: if not isinstance(self._gid, int): raise ValueError("invalid gid value") @@ -505,6 +516,7 @@ def __init__(self, iconf: InstanceConfig, urec: dict, num: int): self.surname = urec.get("surname") self.given_name = urec.get("given_name") self.member_of = urec.get("member_of", []) + self.ou = urec.get("ou") if not isinstance(self.member_of, list): raise ValueError("member_of should contain a list of group names") @@ -513,6 +525,13 @@ class DomainGroupEntry(GroupEntry): pass +class OrganizationalUnitEntry: + def __init__(self, iconf: InstanceConfig, urec: dict, num: int): + self.iconfig = iconf + self.ou_name = urec["name"] + self.entry_num = num + + class PermissionsConfig: _method_key: str = "method" _status_xattr_key: str = "status_xattr" diff --git a/sambacc/schema/conf-v0.schema.json b/sambacc/schema/conf-v0.schema.json index 7a61887..936ccdf 100644 --- a/sambacc/schema/conf-v0.schema.json +++ b/sambacc/schema/conf-v0.schema.json @@ -47,7 +47,7 @@ } }, "user_entry": { - "description": "A user that will be instantiated in the local contianer environment to\nin order to provide access to smb shares.\n", + "description": "A user that will be instantiated in the local container environment to\nin order to provide access to smb shares.\n", "type": "object", "properties": { "name": { @@ -77,7 +77,7 @@ "additionalProperties": false }, "group_entry": { - "description": "A group that will be instantiated in the local contianer environment to\nin order to provide access to smb shares.\n", + "description": "A group that will be instantiated in the local container environment to\nin order to provide access to smb shares.\n", "type": "object", "properties": { "name": { @@ -123,6 +123,10 @@ "description": "A plain-text password", "type": "string" }, + "ou": { + "description": "A organizational unit that the user should belong to", + "type": "string" + }, "member_of": { "description": "A list of group names that the user should belong to", "type": "array", @@ -146,6 +150,24 @@ }, "gid": { "type": "integer" + }, + "ou": { + "description": "A organizational unit that the user should belong to", + "type": "string" + } + }, + "required": [ + "name" + ], + "additionalProperties": false + }, + "organizational_unit_entry": { + "description": "A organizational unit that will be created in the specified AD domain. These\ngroups are populated in the directory after the domain is provisioned.\n", + "type": "object", + "properties": { + "name": { + "description": "The organizational unit name", + "type": "string" } }, "required": [ @@ -157,12 +179,12 @@ "properties": { "samba-container-config": { "type": "string", - "title": "Cofiguration Format Version", + "title": "Configuration Format Version", "description": "A short version string that assists in allowing the configuration\nformat to (some day) support incompatible version changes.\n(It is unique to the configuration and is not the version of sambacc)\n" }, "configs": { "title": "Container Configurations", - "description": "A mapping of named configurations (instances) to top-level configuration\nblocks. A useable configuration file must have at least one configuration,\nbut more than one is supported.\n", + "description": "A mapping of named configurations (instances) to top-level configuration\nblocks. A usable configuration file must have at least one configuration,\nbut more than one is supported.\n", "type": "object", "additionalProperties": { "type": "object", @@ -208,7 +230,7 @@ } }, "globals": { - "description": "A mapping of samba global configuation blocks. The global section names\nare not passed to Samba. All sections selected by a configuration are\nmerged together before passing to Samba.\n", + "description": "A mapping of samba global configuration blocks. The global section names\nare not passed to Samba. All sections selected by a configuration are\nmerged together before passing to Samba.\n", "type": "object", "additionalProperties": { "type": "object", @@ -243,7 +265,7 @@ } }, "users": { - "description": "Users to add to the container environment in order to provide\nShare access-control wihout becoming a domain member server.\n", + "description": "Users to add to the container environment in order to provide\nShare access-control without becoming a domain member server.\n", "type": "object", "properties": { "all_entries": { @@ -255,7 +277,7 @@ } }, "groups": { - "description": "Groups to add to the container environment in order to provide\nShare access-control wihout becoming a domain member server.\n", + "description": "Groups to add to the container environment in order to provide\nShare access-control without becoming a domain member server.\n", "type": "object", "properties": { "all_entries": { @@ -286,6 +308,16 @@ } } }, + "organizational_units": { + "description": "The organizational_unit section defines initial organizational unit that will be\nautomatically added to a newly provisioned domain. This section is\na mapping of the domain settings name to a list of domain group entries.\n", + "type": "object", + "additionalProperties": { + "type": "array", + "items": { + "$ref": "#/$defs/organizational_unit_entry" + } + } + }, "ctdb": { "type": "object", "additionalProperties": { diff --git a/sambacc/schema/conf-v0.schema.yaml b/sambacc/schema/conf-v0.schema.yaml index 160484f..b843849 100644 --- a/sambacc/schema/conf-v0.schema.yaml +++ b/sambacc/schema/conf-v0.schema.yaml @@ -125,6 +125,9 @@ $defs: password: description: A plain-text password type: string + ou: + description: A organizational unit that the user should belong to + type: string member_of: description: A list of group names that the user should belong to type: array @@ -145,6 +148,22 @@ $defs: type: string gid: type: integer + ou: + description: A organizational unit that the user should belong to + type: string + required: + - name + additionalProperties: false + # domain controller organizational unit entries + organizational_unit_entry: + description: | + A organizational unit that will be created in the specified AD domain. These + groups are populated in the directory after the domain is provisioned. + type: object + properties: + name: + description: The organizational unit name + type: string required: - name additionalProperties: false @@ -279,6 +298,17 @@ properties: type: array items: $ref: "#/$defs/domain_group_entry" + # organizational_unit are organizational unit that will be initialized for a new AD DC instance + organizational_units: + description: | + The organizational_unit section defines initial organizational unit that will be + automatically added to a newly provisioned domain. This section is + a mapping of the domain settings name to a list of domain group entries. + type: object + additionalProperties: + type: array + items: + $ref: "#/$defs/organizational_unit_entry" # ctdb customization settings # generally for developers/expert users only. these ctdb specific overrides # live outside the smb.conf and have their own section diff --git a/sambacc/schema/conf_v0_schema.py b/sambacc/schema/conf_v0_schema.py index fb49d3a..83a7525 100644 --- a/sambacc/schema/conf_v0_schema.py +++ b/sambacc/schema/conf_v0_schema.py @@ -65,7 +65,7 @@ }, "user_entry": { "description": ( - "A user that will be instantiated in the local contianer" + "A user that will be instantiated in the local container" " environment to\nin order to provide access to smb shares.\n" ), "type": "object", @@ -93,7 +93,7 @@ }, "group_entry": { "description": ( - "A group that will be instantiated in the local contianer" + "A group that will be instantiated in the local container" " environment to\nin order to provide access to smb shares.\n" ), "type": "object", @@ -131,6 +131,12 @@ "description": "A plain-text password", "type": "string", }, + "ou": { + "description": ( + "A organizational unit that the user should belong to" + ), + "type": "string", + }, "member_of": { "description": ( "A list of group names that the user should belong to" @@ -152,6 +158,28 @@ "properties": { "name": {"description": "The group name", "type": "string"}, "gid": {"type": "integer"}, + "ou": { + "description": ( + "A organizational unit that the user should belong to" + ), + "type": "string", + }, + }, + "required": ["name"], + "additionalProperties": False, + }, + "organizational_unit_entry": { + "description": ( + "A organizational unit that will be created in the specified" + " AD domain. These\ngroups are populated in the directory" + " after the domain is provisioned.\n" + ), + "type": "object", + "properties": { + "name": { + "description": "The organizational unit name", + "type": "string", + } }, "required": ["name"], "additionalProperties": False, @@ -160,7 +188,7 @@ "properties": { "samba-container-config": { "type": "string", - "title": "Cofiguration Format Version", + "title": "Configuration Format Version", "description": ( "A short version string that assists in allowing the" " configuration\nformat to (some day) support incompatible" @@ -172,7 +200,7 @@ "title": "Container Configurations", "description": ( "A mapping of named configurations (instances) to top-level" - " configuration\nblocks. A useable configuration file must" + " configuration\nblocks. A usable configuration file must" " have at least one configuration,\nbut more than one is" " supported.\n" ), @@ -221,7 +249,7 @@ }, "globals": { "description": ( - "A mapping of samba global configuation blocks. The global" + "A mapping of samba global configuration blocks. The global" " section names\nare not passed to Samba. All sections" " selected by a configuration are\nmerged together before" " passing to Samba.\n" @@ -254,7 +282,7 @@ "users": { "description": ( "Users to add to the container environment in order to" - " provide\nShare access-control wihout becoming a domain" + " provide\nShare access-control without becoming a domain" " member server.\n" ), "type": "object", @@ -268,7 +296,7 @@ "groups": { "description": ( "Groups to add to the container environment in order to" - " provide\nShare access-control wihout becoming a domain" + " provide\nShare access-control without becoming a domain" " member server.\n" ), "type": "object", @@ -305,6 +333,19 @@ "items": {"$ref": "#/$defs/domain_group_entry"}, }, }, + "organizational_units": { + "description": ( + "The organizational_unit section defines initial" + " organizational unit that will be\nautomatically added to a" + " newly provisioned domain. This section is\na mapping of the" + " domain settings name to a list of domain group entries.\n" + ), + "type": "object", + "additionalProperties": { + "type": "array", + "items": {"$ref": "#/$defs/organizational_unit_entry"}, + }, + }, "ctdb": { "type": "object", "additionalProperties": {"type": "string"}, From e3a2766904698daaf23b6e09b646b727a651ec24 Mon Sep 17 00:00:00 2001 From: myback Date: Tue, 6 Feb 2024 18:49:38 +0700 Subject: [PATCH 2/3] tests: add OU support tests Signed-off-by: myback --- tests/test_addc.py | 12 ++++- tests/test_config.py | 117 +++++++++++++++++++++++++++---------------- 2 files changed, 86 insertions(+), 43 deletions(-) diff --git a/tests/test_addc.py b/tests/test_addc.py index 23f27a8..88d0577 100644 --- a/tests/test_addc.py +++ b/tests/test_addc.py @@ -20,7 +20,6 @@ import pytest - import sambacc.addc @@ -122,6 +121,17 @@ def test_create_user(tmp_path, monkeypatch): assert "--given-name=Fred" in result +def test_create_ou(tmp_path, monkeypatch): + monkeypatch.setattr( + sambacc.samba_cmds, "_GLOBAL_PREFIX", [_fake_samba_tool(tmp_path)] + ) + + sambacc.addc.create_ou("quarry_workers") + with open(tmp_path / "args.out") as fh: + result = fh.read() + assert "ou add OU=quarry_workers" in result + + def test_create_group(tmp_path, monkeypatch): monkeypatch.setattr( sambacc.samba_cmds, "_GLOBAL_PREFIX", [_fake_samba_tool(tmp_path)] diff --git a/tests/test_config.py b/tests/test_config.py index 3f428ec..470c5d9 100644 --- a/tests/test_config.py +++ b/tests/test_config.py @@ -18,9 +18,10 @@ import io import os -import pytest import unittest +import pytest + import sambacc.config import sambacc.opener @@ -165,7 +166,6 @@ } """ - ctdb_config1 = """ { "samba-container-config": "v0", @@ -255,6 +255,60 @@ } """ +addc_config2 = """ +{ + "samba-container-config": "v0", + "configs": { + "demo": { + "instance_features": ["addc"], + "domain_settings": "sink", + "instance_name": "dc1" + } + }, + "domain_settings": { + "sink": { + "realm": "DOMAIN1.SINK.TEST", + "short_domain": "DOMAIN1", + "admin_password": "Passw0rd" + } + }, + "organizational_units": { + "sink": [ + {"name": "friends"} + ] + }, + "domain_groups": { + "sink": [ + { + "name": "friends", + "ou": "friends" + }, + {"name": "gothamites"} + ] + }, + "domain_users": { + "sink": [ + { + "name": "bwayne", + "password": "1115Rose.", + "given_name": "Bruce", + "surname": "Wayne", + "member_of": ["friends", "gothamites"], + "ou": "friends" + }, + { + "name": "ckent", + "password": "1115Rose.", + "given_name": "Clark", + "surname": "Kent", + "member_of": ["friends"], + "ou": "friends" + } + ] + } +} +""" + class TestConfig(unittest.TestCase): def test_non_json(self): @@ -515,6 +569,24 @@ def test_ad_dc_config_demo(): assert dusers[0].username == "bwayne" +def test_ad_dc_ou_config_demo(): + c1 = sambacc.config.GlobalConfig(io.StringIO(addc_config2)) + i1 = c1.get("demo") + assert i1.with_addc + + domou = sorted(i1.organizational_units(), key=lambda v: v.ou_name) + assert len(domou) == 1 + assert domou[0].ou_name == "friends" + + dgroups = sorted(i1.domain_groups(), key=lambda v: v.groupname) + assert len(dgroups) == 2 + assert dgroups[0].ou == "friends" + + dusers = sorted(i1.domain_users(), key=lambda v: v.username) + assert len(dusers) == 2 + assert dusers[0].ou == "friends" + + def test_ad_dc_invalid(): c1 = sambacc.config.GlobalConfig(io.StringIO(config1)) i1 = c1.get("foobar") @@ -529,47 +601,8 @@ def test_ad_dc_invalid(): with pytest.raises(ValueError): list(i1.domain_groups()) - -def test_ad_dc_bad_member_of(): - jdata = { - "samba-container-config": "v0", - "configs": { - "demo": { - "instance_features": ["addc"], - "domain_settings": "sink", - "instance_name": "dc1", - } - }, - "domain_settings": { - "sink": { - "realm": "DOMAIN1.SINK.TEST", - "short_domain": "DOMAIN1", - "admin_password": "Passw0rd", - } - }, - "domain_groups": {"sink": [{"name": "friends"}]}, - "domain_users": { - "sink": [ - { - "name": "ckent", - "password": "1115Rose.", - "given_name": "Clark", - "surname": "Kent", - "member_of": "friends", - } - ] - }, - } - c1 = sambacc.config.GlobalConfig(initial_data=jdata) - i1 = c1.get("demo") - assert i1.with_addc - - dgroups = sorted(i1.domain_groups(), key=lambda v: v.groupname) - assert len(dgroups) == 1 - assert dgroups[0].groupname == "friends" - with pytest.raises(ValueError): - list(i1.domain_users()) + list(i1.organizational_units()) def test_share_config_no_path(): From 87f3883dc7094fefcbbe0c245bc6d0b9c0f8d794 Mon Sep 17 00:00:00 2001 From: myback Date: Tue, 6 Feb 2024 18:50:12 +0700 Subject: [PATCH 3/3] schema.yaml: typo fixes Signed-off-by: myback --- sambacc/schema/conf-v0.schema.yaml | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/sambacc/schema/conf-v0.schema.yaml b/sambacc/schema/conf-v0.schema.yaml index b843849..d798572 100644 --- a/sambacc/schema/conf-v0.schema.yaml +++ b/sambacc/schema/conf-v0.schema.yaml @@ -2,9 +2,9 @@ # EDIT THIS FILE # When you are done editing this YAML representation, convert it into # a matching .json file in the same directory. That file exists -# for jsonschema implmenations that can't read directly from YAML. +# for jsonschema implementations that can't read directly from YAML. # -# After edting this file, generated files need to be updated. +# After editing this file, generated files need to be updated. # Run: python -m sambacc.schema.tool --update # $schema: "http://json-schema.org/draft-07/schema#" @@ -45,7 +45,7 @@ $defs: additionalProperties: type: string # permissions backend configurations - # each backend may have it's own set of additional properties + # each backend may have its own set of additional properties permissions_config: description: | Settings that enable and manage sambacc's permissions management support. @@ -62,7 +62,7 @@ $defs: # file server user entries user_entry: description: | - A user that will be instantiated in the local contianer environment to + A user that will be instantiated in the local container environment to in order to provide access to smb shares. type: object properties: @@ -87,7 +87,7 @@ $defs: # file server group entries group_entry: description: | - A group that will be instantiated in the local contianer environment to + A group that will be instantiated in the local container environment to in order to provide access to smb shares. type: object properties: @@ -170,7 +170,7 @@ $defs: properties: samba-container-config: type: "string" - title: "Cofiguration Format Version" + title: "Configuration Format Version" description: | A short version string that assists in allowing the configuration format to (some day) support incompatible version changes. @@ -183,7 +183,7 @@ properties: title: "Container Configurations" description: | A mapping of named configurations (instances) to top-level configuration - blocks. A useable configuration file must have at least one configuration, + blocks. A usable configuration file must have at least one configuration, but more than one is supported. type: object additionalProperties: @@ -206,7 +206,7 @@ properties: The name of the domain settings. Only used with 'ADDC' feature flag. type: string additionalProperties: false - # share defintions. + # share definitions. shares: description: | A mapping of share name to share specific configuration. A share can @@ -221,10 +221,10 @@ properties: permissions: $ref: "#/$defs/permissions_config" additionalProperties: false - # globals defintions. + # globals definitions. globals: description: | - A mapping of samba global configuation blocks. The global section names + A mapping of samba global configuration blocks. The global section names are not passed to Samba. All sections selected by a configuration are merged together before passing to Samba. type: object @@ -257,7 +257,7 @@ properties: users: description: | Users to add to the container environment in order to provide - Share access-control wihout becoming a domain member server. + Share access-control without becoming a domain member server. type: object properties: all_entries: @@ -269,7 +269,7 @@ properties: groups: description: | Groups to add to the container environment in order to provide - Share access-control wihout becoming a domain member server. + Share access-control without becoming a domain member server. type: object properties: all_entries: