[Samba] Give users possibility to manage part of their AD account
Marc Muehlfeld
mmuehlfeld at samba.org
Mon Dec 7 20:44:51 UTC 2015
Hello,
Am 07.12.2015 um 13:36 schrieb mathias dufresne:
> Is there a way to give users (all AD users for a start) the possibility to
> manage themselves some of their user attributes (as loginShell for example)?
This sounds dangerous, but you can set directory ACLs for that.
Two examples for delegation tasks, you can find in these doc:
https://wiki.samba.org/index.php/Delegation/Join_machines_to_a_domain
https://wiki.samba.org/index.php/Delegation/Account_management
But be warned: Setting wrong ACLs in your directory can have serious
effects - from security issues to a broken AD. So make sure you have a
working backup and know exactly what you're doing!
Regards,
Marc
More information about the samba
mailing list