[Samba] Snipe-IT ldap integration / Create read only user
lingpanda101 at gmail.com
Tue Jan 26 17:09:53 UTC 2016
On 1/26/2016 11:59 AM, Sébastien Le Ray wrote:
> On 26/01/2016 14:09, Rowland penny wrote:
>> In which case it is easy, especially as the page you linked to has
>> 'Example' above the user DN you posted.
>> Using your favourite way of creating AD users, create a user, that's
>> it! The user will have read-only access to AD and read/write access
>> to its own AD object.
>> You should be aware that the user, by default, will be created in
>> 'CN=Users,DC=example,DC=com' not in 'DC=example,DC=com' as shown on
>> the linked page
> You may also add a GPO to prevent such users from logging in by putting them
> in a specific group and listing it in « prevent local login »/« prevent
> TSE login » (inaccurate translation)
I currently have it set up according to Rowland's suggestion. Seeing as
the only function of this user is to read membership info, I wanted to
restrict all other rights of this user. Your suggestion is another
option I was looking at as well. Microsoft ADUC has an option you speak
of, titled "Log on to". I was going to limit this user to 1 or all DCs.