[Samba] Samba4 LDAP ACLs - access to POSIX attributes from a non-admin account
Rob McCorkell
xenopathic at gmail.com
Fri Dec 14 14:46:07 MST 2012
On the samba-technical mailing list there is this exact problem
detailed, so your help is no longer needed to configure reading of
unixHomeDirectory and loginShell by other users, but the question about
anonymous access still stands - it would be much better for each client
to have anonymous access to LDAP rather than needing the dedicated user,
which brings with it security holes.
On 14/12/12 18:03, Rob McCorkell wrote:
> In our current testing environment, we are using nslcd to get user and
> group information from the Samba4 LDAP server, using the last part of
> objectSid as uidNumber. The configuration is designed to pull down
> unixHomeDirectory and loginShell if they exist, but they default to
> standard values if they do not. nslcd on each machine binds to LDAP
> using a dedicated user account, nslcd-service, and the entire setup
> works pretty well.
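
The attribute mapping described in the quoted message, sketched as an added example that is not part of the original post and is not nslcd's own code: it decodes a binary objectSid, uses the last sub-authority (the RID) as uidNumber, and falls back to defaults when unixHomeDirectory or loginShell are absent. The function names, the default values, the domain SID and the sample entry are constructed assumptions; the domain check is included because RIDs are only unique within one domain.

```python
import struct

# Assumed defaults: the post only says "standard values".
DEFAULT_HOME = "/home/{name}"
DEFAULT_SHELL = "/bin/bash"


def parse_sid(raw: bytes) -> str:
    """Decode a binary objectSid into its S-1-... string form."""
    if len(raw) < 8:
        raise ValueError("objectSid too short")
    revision, count = raw[0], raw[1]
    if revision != 1 or len(raw) != 8 + 4 * count:
        raise ValueError("malformed objectSid")
    authority = int.from_bytes(raw[2:8], "big")    # 48-bit, big-endian
    subs = struct.unpack("<%dI" % count, raw[8:])  # 32-bit, little-endian
    return "-".join(["S", str(revision), str(authority), *map(str, subs)])


def rid_as_uid(raw: bytes, domain_sid: str) -> int:
    """Return the RID as uidNumber, only for SIDs in the expected domain."""
    sid = parse_sid(raw)
    prefix, _, rid = sid.rpartition("-")
    # RIDs repeat across domains, so a foreign or builtin SID must not be
    # mapped onto a local uid that belongs to someone else.
    if prefix != domain_sid:
        raise ValueError("SID %s is outside domain %s" % (sid, domain_sid))
    return int(rid)


def passwd_entry(attrs: dict, domain_sid: str) -> dict:
    """Build a passwd-style record from one LDAP entry's attributes."""
    name = attrs["sAMAccountName"]
    return {
        "name": name,
        "uid": rid_as_uid(attrs["objectSid"], domain_sid),
        "home": attrs.get("unixHomeDirectory") or DEFAULT_HOME.format(name=name),
        "shell": attrs.get("loginShell") or DEFAULT_SHELL,
    }


# Constructed sample data (not from the post).
DOMAIN_SID = "S-1-5-21-1111111111-2222222222-3333333333"
SAMPLE_SID = bytes([1, 5]) + (5).to_bytes(6, "big") + struct.pack(
    "<5I", 21, 1111111111, 2222222222, 3333333333, 1105)

if __name__ == "__main__":
    print(passwd_entry({"sAMAccountName": "alice", "objectSid": SAMPLE_SID}, DOMAIN_SID))
```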