[cifs-protocol] Conditional ACEs in AD - where are they valid?

Andrew Bartlett abartlet at samba.org
Thu May 11 05:26:12 UTC 2023


Kia Ora DocHelp,

(again) Per my phone call with Obaid and Tom last week.

We were discussing conditional ACEs in security descriptors, and I was
curious as to where they were allowed, as I see some awesome
possibilities for this technology.

I asked if they are valid in any SD, and the answer is NO, they are not
allowed on SDs on an object.

Therefore, they must be possible in some places and not others, clearly
yes for the SD attributes that control flexible authentication, dynamic
authentication and silos.  

So that we can enforce (or not!) the same restrictions, what at the
LDAP level determines if an attribute may contain a conditional ACE in
a security descriptor?

Thanks,

Andrew Bartlett

-- 
Andrew Bartlett (he/him)       https://samba.org/~abartlet/
Samba Team Member (since 2001) https://samba.org
Samba Team Lead                https://catalyst.net.nz/services/samba
Catalyst.Net Ltd

Proudly developing Samba for Catalyst.Net Ltd - a Catalyst IT group
company

Samba Development and Support: https://catalyst.net.nz/services/samba

Catalyst IT - Expert Open Source Solutions
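An added example, not part of the original message and not Samba code: one way a server could detect conditional ACEs in a self-relative security descriptor value before deciding whether to accept it. The field layouts and the "artx" signature follow MS-DTYP; `conditional_aces` and `SAMPLE_SD` are hypothetical names, the sample bytes are constructed, and the sketch says nothing about which attributes permit such ACEs.

```python
import struct

# Callback ACE types (MS-DTYP). Such an ACE is conditional when its
# ApplicationData begins with the 4-byte signature "artx".
CALLBACK_ACE_TYPES = {
    0x09: "ACCESS_ALLOWED_CALLBACK", 0x0A: "ACCESS_DENIED_CALLBACK",
    0x0B: "ACCESS_ALLOWED_CALLBACK_OBJECT", 0x0C: "ACCESS_DENIED_CALLBACK_OBJECT",
    0x0D: "SYSTEM_AUDIT_CALLBACK", 0x0F: "SYSTEM_AUDIT_CALLBACK_OBJECT"}
OBJECT_ACE_TYPES = {0x0B, 0x0C, 0x0F}

def conditional_aces(sd):
    """List (acl, ace_index, ace_type) for each conditional ACE in a self-relative SD."""
    try:
        _, _, control, _, _, sacl, dacl = struct.unpack_from("<BBHIIII", sd, 0)
        if not control & 0x8000:  # SE_SELF_RELATIVE
            raise ValueError("security descriptor is not self-relative")
        found = []
        for acl_name, acl_off in (("SACL", sacl), ("DACL", dacl)):
            if acl_off == 0:  # this ACL is absent
                continue
            _, _, acl_size, ace_count, _ = struct.unpack_from("<BBHHH", sd, acl_off)
            pos, end = acl_off + 8, acl_off + acl_size
            if end > len(sd):
                raise ValueError("ACL runs past the end of the descriptor")
            for index in range(ace_count):
                ace_type, _, ace_size = struct.unpack_from("<BBH", sd, pos)
                if ace_size < 8 or pos + ace_size > end:
                    raise ValueError("bad ACE size")
                ace = sd[pos:pos + ace_size]
                if ace_type in CALLBACK_ACE_TYPES:
                    off = 8  # ACE header (4) + access mask (4)
                    if ace_type in OBJECT_ACE_TYPES:
                        flags, = struct.unpack_from("<I", ace, off)
                        off += 4 + 16 * bin(flags & 0x3).count("1")  # optional GUIDs
                    off += 8 + 4 * ace[off + 1]  # SID: 8 + 4 * SubAuthorityCount
                    if ace[off:off + 4] == b"artx":
                        found.append((acl_name, index, CALLBACK_ACE_TYPES[ace_type]))
                pos += ace_size
        return found
    except (struct.error, IndexError) as exc:
        raise ValueError("truncated or malformed security descriptor") from exc

# Constructed sample: a DACL holding one plain allow ACE and one callback ACE
# for S-1-1-0 whose ApplicationData is "artx" plus constructed expression bytes.
SAMPLE_SD = bytes.fromhex(
    "01000480" "00000000" "00000000" "00000000" "14000000"  # SD header, DACL at 20
    "02003c00" "02000000"                                   # ACL: 60 bytes, 2 ACEs
    "00001400" "ff011f00" "0101000000000001" "00000000"     # ACCESS_ALLOWED
    "09002000" "ff011f00" "0101000000000001" "00000000"     # ACCESS_ALLOWED_CALLBACK
    "61727478" "f802000000" "6100" "87")                    # "artx" + expression
```

A callback ACE whose ApplicationData lacks the signature is not reported, and a truncated or inconsistent buffer raises `ValueError` rather than being scanned partially.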





