[Samba] Samba4 LDAP ACLs - access to POSIX attributes from a non-admin account

Sat Dec 15 09:42:45 MST 2012

Hello Rob,

You can enable anonymous binding to AD by creating the attribute
"dsHeuristics" with a value of "0000002001001" under the DN:
CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration

The Microsoft instructions mention below mention using the ADSI Edit tool
on Windows, but it can be done with any LDAP editing tool. I just tested
this on S4 and it appears to work.

See: http://technet.microsoft.com/en-us/library/cc816788(v=ws.10).aspx