ldap object access controls
Nadezhda Ivanova
nivanova at samba.org
Fri May 4 12:51:36 UTC 2018
Not to mention it's not very easy :). Even in the decoded form, you need
to know which SIDs mean which accounts, which GUIDs mean which property
sets or objects, and you need to be aware of the rules of ordering.
Information of nTSecurityDescriptor can be found in MS-ADTS (Somewhere
in section 5), and MS-DTYP. Scripts or tools are the way to go.
On 05/04/2018 03:26 PM, Denis Cardon via samba-technical wrote:
> Hi William,
>
> I don't think it is advisable to directly edit the ntSecurityDescriptor
> attributes. If you don't mind using some python, you can get some
> inspiration from Andrew's mitigation script for CVE-2018-1057 mitigation
> [1]. I used it as a basis for implementing some ACL handling at clients
> recently.
>
> Cheers,
>
> Denis
>
> [1] https://download.samba.org/pub/samba/misc/samba_CVE-2018-1057_helper
>
>>
>> Thank you!
>>
>
More information about the samba-technical
mailing list