[Samba] Give users possibility to manage part of their AD account
ole.traupe at tu-berlin.de
Tue Dec 8 16:05:35 UTC 2015
You can configure OU delegation from ADUC.
Am 07.12.2015 um 21:44 schrieb Marc Muehlfeld:
> Am 07.12.2015 um 13:36 schrieb mathias dufresne:
>> Is there a way to give users (all AD users for a start) the possibility to
>> manage themselves some of their user attributes (as loginShell for example)?
> This sounds dangerous, but you can set directory ACLs for that.
> Two examples for delegation tasks, you can find in these doc:
> But be warned: Setting wrong ACLs in your directory can have serious
> effects - from security issues to a broken AD. So make sure you have a
> working backup and know exactly what you're doing!
More information about the samba