[Samba] Give users possibility to manage part of their AD account
Ole Traupe
ole.traupe at tu-berlin.de
Tue Dec 8 16:05:35 UTC 2015
You can configure OU delegation from ADUC.
Ole
Am 07.12.2015 um 21:44 schrieb Marc Muehlfeld:
> Hello,
>
> Am 07.12.2015 um 13:36 schrieb mathias dufresne:
>> Is there a way to give users (all AD users for a start) the possibility to
>> manage themselves some of their user attributes (as loginShell for example)?
> This sounds dangerous, but you can set directory ACLs for that.
>
> Two examples for delegation tasks, you can find in these doc:
> https://wiki.samba.org/index.php/Delegation/Join_machines_to_a_domain
> https://wiki.samba.org/index.php/Delegation/Account_management
>
> But be warned: Setting wrong ACLs in your directory can have serious
> effects - from security issues to a broken AD. So make sure you have a
> working backup and know exactly what you're doing!
>
>
> Regards,
> Marc
>
More information about the samba
mailing list