ACL implementation in Samba 4

Nadezhda Ivanova nadezhda.ivanova at
Mon Jun 16 08:47:51 GMT 2008

Hi Team,


We are currently exploring implementation of ACLs in the LDAP layer, trying to identify what has to be done so that ACEs in objects attributes can be applied effectively.

There is a list of ACL tasks on the wiki:<> 

Could someone please tell us if this list is up to date? Are there any additional tasks necessary that are not in this list?


We have also found the ldb kludge ACL module, but from the description I see that it covers very basic function.

/* Kludge ACL rules:


 * - System can read passwords

 * - Administrators can write anything

 * - Users can read anything that is not a password




We would also appreciate some feedback on the patent issue. Has it been resolved? If not, do you have any design ideas for working around it, or plans for alternative implementation?

We would like to discuss ACL implementation in detail here or in IRC whenever possible.



Anatoliy Atanasov, Nadezhda Ivanova


More information about the samba-technical mailing list