ldap object access controls
Nadezhda Ivanova
nivanova at samba.org
Fri May 4 08:38:22 UTC 2018
Hi William,
Perhaps I don't understand your question, do you mean
nTSecurityDescriptor? To "see" it you need to be a domain admin or
provide SD_FLAGS_CONTROL in the request. Also, it's a binary blob. I
have forgotten if there is a samba tool to display the decoded
descriptors, there must be. Else some of the python test code can be
re-used.
Best Regards,
Nadya
On 04/18/2018 08:47 AM, William Brown via samba-technical wrote:
> Hi,
>
> I'm currently trying to understand the samba4/ad ldap object access
> control for search and how to manipulate these.
>
> Looking at various objects I can't seem to see where AD is storing the
> ACE entries, even though you can "edit" them via ADSI and the like.
>
> What attribute of the object are the ACE attributes stored in and how
> can I modify these via the ldap interface? Any documentation or
> references about this topic would be excellent,
>
> Thank you!
>
More information about the samba-technical
mailing list