[Samba] samba4 AD, allow users to modify (some of) their own attributes
Andrew Bartlett
abartlet at samba.org
Sun Apr 6 00:06:12 MDT 2014
On Sat, 2014-04-05 at 15:22 +0200, mourik jan heupink - merit wrote:
> Hi all,
>
> In our openldap days, we allowed users to modify some of their own ldap
> records. They logged on with their own username/password, and were
> allowed to change stuff like 'roomNumber', 'jpegPhoto', 'mobile', etc, etc.
>
> It seems that samba4 AD handles permissions a bit stricter, and our
> users are no longer allowed to edit those details.
>
> I have searched around a bit, and found this:
> http://www.schakko.de/2011/03/30/how-to-give-users-the-permission-to-change-their-own-active-directory-attributesprofile/
>
> Are there other ways to do this easier, for example with ACLs like we
> had in openldap, or is the above link really the way to (attempt to) go
> in samba4?

That looks correct, as we implement NT ACLs on the AD database.

Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba