[Samba] Re: SAMBA3 + LDAP

mallapadi niranjan niranjan.ashok at gmail.com
Tue Dec 20 13:31:15 GMT 2005


Hi

Thanks for replying. In the ACL below
#####################################################################
> > #access to dn.base="dc=msdpl,dc=com"
> > access to attrs=sambaLMPassword,sambaNTPassword
> >         by dn="uid=.*,ou=People,dc=msdpl,dc=com" write
> >         by dn="uid=.*,ou=Domain Admins,dc=msdpl,dc=com" read
> >         by * none
> > access to attr=userPassword
> >         by dn="uid=.*,ou=People,dc=msdpl,dc=com" write
> >         by self write
> >         by anonymous auth
> >         by * none
> > access to *
> >         by * read


#######################################################################
in by dn="uid=.*,ou=Domain Admins,dc=msdpl,dc=com" read, if I keep read/write,
it has no effect,

so I have changed my ACLs
#########################################################################
access to dn.base="dc=msdpl,dc=com"
 attrs=sambaLMPassword,sambaNTPassword,sambaPwdLastSet,sambaPwdMustChange,
 objectClass,entry,homeDirectory,uid,uidNumber,gidNumber,memberUid,description,
 telephoneNumber,roomNumber,homePhone,loginShell,gecos,cn,sn,givenname
 by dn="uid=.*,ou=People,dc=msdpl,dc=com" write
 by dn="uid=.*,ou=Groups,dc=msdpl,dc=com" write
 by dn="uid=.*,ou=Domain Admins,dc=msdpl,dc=com" write
 by self write
 by anonymous auth
 by * none

access to dn.base="dc=msdpl,dc=com"
 attr=userPassword
 by dn="uid=.*,ou=People,dc=msdpl,dc=com" write
 by dn="uid=.*,ou=Groups,dc=msdpl,dc=com" write
 by dn="uid=.*,ou=Domain Admins,dc=msdpl,dc=com" write
 by self write
 by anonymous auth
 by * none

access to *  by * read
###########################################################################




On 12/20/05, paul kölle <paul at subsignal.org> wrote:
>
> mallapadi niranjan wrote:
>
> [snip]
> > #access to dn.base="dc=msdpl,dc=com"
> > access to attrs=sambaLMPassword,sambaNTPassword
> >         by dn="uid=.*,ou=People,dc=msdpl,dc=com" write
> >         by dn="uid=.*,ou=Domain Admins,dc=msdpl,dc=com" read
> >         by * none
> > access to attr=userPassword
> >         by dn="uid=.*,ou=People,dc=msdpl,dc=com" write
> >         by self write
> >         by anonymous auth
> >         by * none
> > access to *
> >         by * read
> I don't understand this, you give *everyone* in the People container
> write access to *all* passwords and those in ou=Domain Admins only read
> access...?
>
> confused
> Paul
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba
>
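
Paul's observation about the first ACL, and the effect of the dn.base= scope in the revised one, can be checked with a small first-match evaluator. This is an added example, not part of the original thread or of OpenLDAP: it models only the clause forms used in these ACLs, the two ACL strings are shortened excerpts of the posted rules, and it assumes dn="..." is evaluated as a regex, as the poster intends.

```python
import re

# Constructed excerpts of the two ACLs posted in the thread (password rule + catch-all).
ORIGINAL = '''
access to attrs=sambaLMPassword,sambaNTPassword
  by dn="uid=.*,ou=People,dc=msdpl,dc=com" write
  by dn="uid=.*,ou=Domain Admins,dc=msdpl,dc=com" read
  by * none
access to * by * read
'''
REVISED = '''
access to dn.base="dc=msdpl,dc=com" attrs=sambaLMPassword,sambaNTPassword
  by dn="uid=.*,ou=People,dc=msdpl,dc=com" write
  by self write by anonymous auth by * none
access to * by * read
'''

def parse_acl(text):
    """Parse 'access to <what> by <who> <level> ...' directives."""
    rules = []
    for chunk in re.split(r"\baccess\s+to\s+", text)[1:]:
        what, *bys = re.split(r"\s+by\s+", chunk.strip())
        base = re.search(r'dn\.base="([^"]*)"', what)
        attrs = re.search(r"\battrs?=(\S+)", what)
        rules.append((base.group(1).lower() if base else None,
                      attrs.group(1).lower().split(",") if attrs else None,
                      [tuple(b.rsplit(None, 1)) for b in bys]))
    return rules

def who_matches(who, requester, target):
    if who in ("*", "self", "anonymous"):
        return {"*": True, "self": requester == target,
                "anonymous": requester is None}[who]
    # Assumption: dn="..." is evaluated as a regex, as the poster intends.
    m = re.fullmatch(r'dn="(.*)"', who)
    return bool(m and requester and re.fullmatch(m.group(1), requester, re.I))

def access(acl_text, requester, target, attr):
    """First <what> matching the target decides; then the first matching <who>."""
    for base, attrs, bys in parse_acl(acl_text):
        if base is not None and base != target.lower():
            continue  # dn.base matches only the entry with exactly that DN
        if attrs is not None and attr.lower() not in attrs:
            continue
        for who, level in bys:
            if who_matches(who, requester, target):
                return level
        return "none"  # every clause ends with an implicit "by * none"
    return "none"
```

Calling access() with ORIGINAL shows any ou=People entry getting write on another user's sambaNTPassword while an ou=Domain Admins entry gets only read. With REVISED, an anonymous requester gets read on a user entry's sambaNTPassword, because dn.base matches only the entry dc=msdpl,dc=com itself and user entries fall through to access to * by * read.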

