[Samba] Samba4 LDAP ACLs - access to POSIX attributes from a non-admin account

Rob McCorkell xenopathic at gmail.com
Fri Dec 14 14:46:07 MST 2012

On the samba-technical mailing list there is this exact problem 
detailed, so your help is no longer needed to configure reading of 
unixHomeDirectory and loginShell by other users, but the question about 
anonymous access still stands - it would be much better for each client 
to have anonymous access to LDAP rather than needing the dedicated user, 
which brings with it security holes.

On 14/12/12 18:03, Rob McCorkell wrote:
> In our current testing environment, we are using nslcd to get user and 
> group information from the Samba4 LDAP server, using the last part of 
> objectSid as uidNumber. The configuration is designed to pull down 
> unixHomeDirectory and loginShell if they exist, but they default to 
> standard values if they do not. nslcd on each machine binds to LDAP 
> using a dedicated user account, nslcd-service, and the entire setup 
> works pretty well.

More information about the samba mailing list