[Samba] What options do I have to create OUs and ACLs in Samba4?
rowlandpenny at googlemail.com
Sun Feb 15 12:37:47 MST 2015
On 15/02/15 18:27, Marc Muehlfeld wrote:
> Hello John,
> Am 15.02.2015 um 18:56 schrieb John Lewis:
>> I need to create a couple of OUs under Users to separate my internal
>> users from my external users that have LDAP backed accounts so I can put
>> ACLs over the external users so I can limit what they can see on the
>> tree. What options do I have to create the OUs and the ACLs in a Samba4
>> AD-DC domain?
> The comfortable, easy and recommended way: Use ADUC.
> The (very) unattractive way: OUs you can create LDAP-style via importing
> LDIFs. ACLs can be set via samba-tool. But as far as I know, we don't
> have any documentation yet about "samba-tool dsacl set". Here is an
> example, that I found on the internet and the output it produces:
> It seems to do something. But I have no idea what :-)
FYI Marc, It is allowing 'Domain Computers' access to
"CN=demo01,CN=Users,DC=samdom,DC=example,DC=com", the container will
inherit ACES and 'Domain Computers' can read the sddls, list children
and read control. :-)
More information about the samba