[Samba] Regarding changing ACL with LDAP or SAMBA
Michael Persson
michael.persson at imc.nl
Thu Oct 15 00:24:13 MDT 2009
Hi
I am trying to change the ACL for a Active Directory group using Perl on
Linux. The problem is that there are no Perl bindings for Samba and I
couldn't find any UNIX compatible module that can me do this.
This is the same as setting "Managed By" and then clicking "(X) Manager
can update membership list" in the AD admin tools.
# ldapmodify -x -h Server -W -D "Domain\User" -f update.ldif ---
update.ldif dn: CN=Group,OU=Location,DC=Domain,DC=Local changetype:
modify replace: managedBy managedBy: CN=User,CN=Users,DC=Domain,DC=Local
---- # ldapsearch -LLL -x -h Server -p 3268 -W -b "DC=Domain,DC=Local"
-D "Domain\User" "(&(CN=Group)(ntSecurityDescriptor=*))"
ntSecurityDescriptor dn: CN=Group,OU=Location,DC=Domain,DC=Local
nTSecurityDescriptor::
EaKFAKoAMEDAAAAAAAEALQAAAUAOAAAAAUAOAAAAAUAOAAAAAUAOADA
AEALQQEaKFDdARooU2AwAA+ANnwaV6lr/mFAKoAMEniAQEDAAAAAAEAAAAAB1o4ACAAAAADAAAAvz
...
Does anyone have a good advice as how to easiest solve this. I would
like to avoid writing a module with Samba bindings or a module that
actually interprets the binary info.
Regards
Michael
More information about the samba
mailing list