[Samba] samba4 AD, allow users to modify (some of) their own attributesHi

mourik jan heupink - merit heupink at merit.unu.edu
Sat Apr 5 07:22:51 MDT 2014


Hi all,

In our openldap days, we allowed users to modify some of their own ldap 
records. They logged on with their own username/password, and were 
allowed to change stuff like 'roomNumber', jpegPhone', 'mobile', etc, etc.

It seems that samba4 AD handles permissions a bit stricter, and our 
users are no longer allowed to edit those details.

I have searched around a bit, and found this:
http://www.schakko.de/2011/03/30/how-to-give-users-the-permission-to-change-their-own-active-directory-attributesprofile/

Are there others ways to do this easier, for example with acl's like we 
had in openldap, or is the above link really the way to (attempt to) go 
in samba4?

MJ


More information about the samba mailing list