[Samba] samba4 AD, allow users to modify (some of) their own attributesHi
mourik jan heupink - merit
heupink at merit.unu.edu
Wed Apr 9 06:34:41 MDT 2014
Hi list, Andrew,
>> I have searched around a bit, and found this:
>> http://www.schakko.de/2011/03/30/how-to-give-users-the-permission-to-change-their-own-active-directory-attributesprofile/
>>
>> Are there others ways to do this easier, for example with acl's like we
>> had in openldap, or is the above link really the way to (attempt to) go
>> in samba4?
>
> That looks correct, as we implement NT ACLs on the AD database.
>
> Andrew Bartlett
Thanks for your response, Andrew. Now I took the time to study this a
bit more, but it seems that giving modify permissions to 'SELF' on our
Active Directory, it would mean users could edit ALL their details. This
seems a bit too loose...
I would like my users to be able to self-edit only some fields like
roomNumber, jpegPhoto, displayName, mobile, wWWHomePage, etc.
I don't think the above link would help me to get those permissions,
right? Has anyone else already done something like this?
More information about the samba
mailing list