ldap object access controls
dcardon at tranquil.it
Fri May 4 12:26:47 UTC 2018
> I'm currently trying to understand the samba4/ad ldap object access
> control for search and how to manipulate these.
> Looking at various objects I can't seem to see where AD is storing the
> ACE entries, even though you can "edit" them via ADSI and the like.
> What attribute of the object are the ACE attributes stored in and how
> can I modify these via the ldap interface? Any documentation or
> references about this topic would be excellent,
I don't think it is advisable to directly edit the ntSecurityDescriptor
attributes. If you don't mind using some python, you can get some
inspiration from Andrew's mitigation script for CVE-2018-1057 mitigation
. I used it as a basis for implementing some ACL handling at clients
> Thank you!
Tranquil IT Systems
Les Espaces Jules Verne, bâtiment A
12 avenue Jules Verne
44230 Saint Sébastien sur Loire
tel : +33 (0) 220.127.116.11.55
Samba install wiki for Frenchies : https://dev.tranquil.it
WAPT, software deployment made easy : https://wapt.fr
More information about the samba-technical