[Samba] Re: SAMBA3 + LDAP
mallapadi niranjan
niranjan.ashok at gmail.com
Tue Dec 20 13:31:15 GMT 2005
Hi
Thanks for Replying me . In the ACL below
#####################################################################
#access to dn.base="dc=msdpl,dc=com"
> access to attrs=sambaLMPassword,sambaNTP
>
> assword
> > by dn="uid=.*,ou=People,dc=msdpl,dc=com" write
> > by dn="uid=.*,ou=Domain Admins,dc=msdpl,dc=com" read
> > by * none
> > access to attr=userPassword
> > by dn="uid=.*,ou=People,dc=msdpl,dc=com" write
> > by self write
> > by anonymous auth
> > by * none
> > access to *
> > by * read
#######################################################################
in by dn="uid=.*,ou=Domain Admins,dc=msdpl,dc=com" read if i keep read/write
it's not affecting
so i have changed my acl's
#########################################################################
access to dn.base="dc=msdpl,dc=com"
attrs=sambaLMPassword,sambaNTPassword,sambaPwdLastSet,sambaPwdMustChange,
objectClass,entry,homeDirectory,uid,uidNumber,gidNumber,memberUid,description,
telephoneNumber,roomNumber,homePhone,loginShell,gecos,cn,sn,givenname
by dn="uid=.*,ou=People,dc=msdpl,dc=com" write
by dn="uid=.*,ou=Groups,dc=msdpl,dc=com" write
by dn="uid=.*,ou=Domain Admins,dc=msdpl,dc=com" write
by self write
by anonymous auth
by * none
access to dn.base="dc=msdpl,dc=com"
attr=userPassword
by dn="uid=.*,ou=People,dc=msdpl,dc=com" write
by dn="uid=.*,ou=Groups,dc=msdpl,dc=com" write
by dn="uid=.*,ou=Domain Admins,dc=msdpl,dc=com" write
by self write
by anonymous auth
by * none
access to * by * read
###########################################################################
On 12/20/05, paul kölle <paul at subsignal.org> wrote:
>
> mallapadi niranjan wrote:
>
> [snip]
> > #access to dn.base="dc=msdpl,dc=com"
> > access to attrs=sambaLMPassword,sambaNTPassword
> > by dn="uid=.*,ou=People,dc=msdpl,dc=com" write
> > by dn="uid=.*,ou=Domain Admins,dc=msdpl,dc=com" read
> > by * none
> > access to attr=userPassword
> > by dn="uid=.*,ou=People,dc=msdpl,dc=com" write
> > by self write
> > by anonymous auth
> > by * none
> > access to *
> > by * read
> I don't understand this, you give *everyone* in the People container
> write access to *all* passwords and those in ou=Domain Admins only read
> access...?
>
> confused
> Paul
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/listinfo/samba
>
More information about the samba
mailing list