ldap object access controls
Rowland Penny
rpenny at samba.org
Fri May 4 09:09:21 UTC 2018
On Fri, 4 May 2018 11:38:22 +0300
Nadezhda Ivanova via samba-technical <samba-technical at lists.samba.org>
wrote:
> Hi William,
> Perhaps I don't understand your question, do you mean
> nTSecurityDescriptor? To "see" it you need to be a domain admin or
> provide SD_FLAGS_CONTROL in the request. Also, it's a binary blob. I
> have forgotten if there is a samba tool to display the decoded
> descriptors, there must be. Else some of the python test code can be
> re-used.
>
it is one of the hidden attributes, you need to explicitly ask for it
e.g.
ldbsearch -H ldap://dc4 -b 'dc=samdom,dc=example,dc=com' -s sub -U
rowland '(&(objectclass=user)(samaccountname=rowland))'
nTSecurityDescriptor
Rowland
More information about the samba-technical
mailing list