[Samba] Give users possibility to manage part of their AD account

Marc Muehlfeld mmuehlfeld at samba.org
Mon Dec 7 20:44:51 UTC 2015


Am 07.12.2015 um 13:36 schrieb mathias dufresne:
> Is there a way to give users (all AD users for a start) the possibility to
> manage themselves some of their user attributes (as loginShell for example)?

This sounds dangerous, but you can set directory ACLs for that.

Two examples for delegation tasks, you can find in these doc:

But be warned: Setting wrong ACLs in your directory can have serious
effects - from security issues to a broken AD. So make sure you have a
working backup and know exactly what you're doing!


More information about the samba mailing list