[Samba] Snipe-IT ldap integration / Create read only user

James lingpanda101 at gmail.com
Tue Jan 26 17:09:53 UTC 2016

On 1/26/2016 11:59 AM, Sébastien Le Ray wrote:
> On 26/01/2016 14:09, Rowland penny wrote:
>> In which case it is easy, especially as the page you linked to has 
>> 'Example'  above the user DN you posted.
>> Using your favourite way of creating AD users, create a user, that's 
>> it! The user will have read-only access to AD and read/write access 
>> to its own AD object.
>> You should be aware that the user, by default, will be created in 
>> 'CN=Users,DC=example,DC=com' not in 'DC=example,DC=com' as shown on 
>> the linked page
> You may also add a GPO to prevent such users from logging in by putting them 
> in a specific group and listing it in « prevent local login »/« prevent 
> TSE login » (inaccurate translation)
> Regards
I currently have it set up according to Rowland's suggestion. Seeing as 
the only function of this user is to read membership info, I wanted to 
restrict all other rights of this user. Your suggestion is another 
option I was looking at as well. Microsoft ADUC has an option you speak 
of titled "Log on to". I was going to limit this user to 1 or all DCs.

