ldap filter gone and sambadomainnname not checked

simo idra at samba.org
Fri Mar 3 16:33:06 GMT 2006

On Fri, 2006-03-03 at 16:47 +0100, Pierre Filippone wrote:
> It's not that simple for us, because we still need special access to 
> certain attributes of disabled accounts for non-admins.

Through samba ? I don't thinks so.

You can apply that acl only to the sambadmin (samba uses only this
account), and let everybody else have the same rights as usual.

> And we already 
> have fairly complex ACLs.

That's another matter, but this way is the most cleanest possible, and
does not involve inventing new private classes or playing with the
entries samba controls on it's own.
You can even use the description attribute to do that for what it


Simo Sorce
Samba Team GPL Compliance Officer
email: idra at samba.org

More information about the samba-technical mailing list