[Samba] samba4 AD, allow users to modify (some of) their own attributesHi

mourik jan heupink - merit heupink at merit.unu.edu
Wed Apr 9 06:34:41 MDT 2014


Hi list, Andrew,

>> I have searched around a bit, and found this:
>> http://www.schakko.de/2011/03/30/how-to-give-users-the-permission-to-change-their-own-active-directory-attributesprofile/
>>
>> Are there others ways to do this easier, for example with acl's like we
>> had in openldap, or is the above link really the way to (attempt to) go
>> in samba4?
>
> That looks correct, as we implement NT ACLs on the AD database.
>
> Andrew Bartlett

Thanks for your response, Andrew. Now I took the time to study this a 
bit more, but it seems that giving modify permissions to 'SELF' on our 
Active Directory, it would mean users could edit ALL their details. This 
seems a bit too loose...

I would like my users to be able to self-edit only some fields like 
roomNumber, jpegPhoto, displayName, mobile, wWWHomePage, etc.

I don't think the above link would help me to get those permissions, 
right? Has anyone else already done something like this?


More information about the samba mailing list