[Samba] samba4 anonymous ldap search
mourik jan heupink
heupink at merit.unu.edu
Mon Jan 20 01:35:52 MST 2014
Hi Rowland and Chan,
Thanks for your replies.
On 01/17/2014 04:07 PM, Chan Min Wai wrote:
> I think I've just ask this question on the chat room before.
> This is the same implementation on win AD.
> SAMBA 4 AD merely duplicate that implementation.
> If you want to change that. You might want to change how M$ do it ;)
> Thank you.
> Chan Min Wai
>> Rowland Penny <rowlandpenny at googlemail.com> 於 17/01/2014 10:47 PTG 寫道：
>>> On 17/01/14 13:49, mourik jan heupink wrote:
>>> I found some discussion here in 2010 about allowing/disallowing anonymous ldap access in samba4, however, nothing much recent comes up.
>>> I see that my samba4 does not allow anonymous access. Is there a way to enable it in samba4, like the way we had it with samba3/openldap?
>>> (we restricted access to sensitive info, but allowed anon search access to many user details like mail addresses, etc, etc)
>> Hi, whilst you cannot do anonymous access, what your users can do is read the entire AD database:
>> ldapsearch -x -H ldap://dc.example.com:389 -b DC=example,DC=com -D CN=username,CN=Users,DC=example,DC=com -w usernames-password
>> This is from a linux machine, but no doubt it is possible to do something similar from a windows box
>> To unsubscribe from this list go to the following URL and read the
>> instructions: https://lists.samba.org/mailman/options/samba
More information about the samba