ldap object access controls
nivanova at samba.org
Fri May 4 08:38:22 UTC 2018
Perhaps I don't understand your question, do you mean
nTSecurityDescriptor? To "see" it you need to be a domain admin or
provide SD_FLAGS_CONTROL in the request. Also, it's a binary blob. I
have forgotten if there is a samba tool to display the decoded
descriptors, there must be. Else some of the python test code can be
On 04/18/2018 08:47 AM, William Brown via samba-technical wrote:
> I'm currently trying to understand the samba4/ad ldap object access
> control for search and how to manipulate these.
> Looking at various objects I can't seem to see where AD is storing the
> ACE entries, even though you can "edit" them via ADSI and the like.
> What attribute of the object are the ACE attributes stored in and how
> can I modify these via the ldap interface? Any documentation or
> references about this topic would be excellent,
> Thank you!
More information about the samba-technical