[Samba] Regarding changing ACL with LDAP or SAMBA

Michael Persson michael.persson at imc.nl
Thu Oct 15 00:24:13 MDT 2009


I am trying to change the ACL for a Active Directory group using Perl on 
Linux. The problem is that there are no Perl bindings for Samba and I 
couldn't find any UNIX compatible module that can me do this.

This is the same as setting "Managed By" and then clicking "(X) Manager 
can update membership list" in the AD admin tools.

# ldapmodify -x -h Server -W -D "Domain\User" -f update.ldif --- 
update.ldif dn: CN=Group,OU=Location,DC=Domain,DC=Local changetype: 
modify replace: managedBy managedBy: CN=User,CN=Users,DC=Domain,DC=Local 
---- # ldapsearch -LLL -x -h Server -p 3268 -W -b "DC=Domain,DC=Local" 
-D "Domain\User" "(&(CN=Group)(ntSecurityDescriptor=*))" 
ntSecurityDescriptor dn: CN=Group,OU=Location,DC=Domain,DC=Local 

Does anyone have a good advice as how to easiest solve this. I would 
like to avoid writing a module with Samba bindings or a module that 
actually interprets the binary info.


More information about the samba mailing list