[Samba] [samba as AD] Hidden attributes

mathias dufresne infractory at gmail.com
Tue Jul 5 08:33:11 UTC 2016


Any way to extract thelm without knowing all attributes of one given object?

2016-07-04 17:40 GMT+02:00 Rowland penny <rpenny at samba.org>:

> On 04/07/16 16:16, mathias dufresne wrote:
>
>> Hi all,
>>
>> Is there a way to extract the whole attributes of objects, even hidden
>> attributes, using ldbsearch or any samba tool?
>>
>
> Don't think you can get the hidden attributes over the wire, but you can
> get them on the DC by explicitly asking for them.
>
>
>> Hidden attributes have to be hidden from ldapsearch which can be used
>> through network and so, remotely. ldbsearch can be used only locally by
>> root, which [should] limit who is using it, so perhaps I thought it was
>> possible : )
>>
>
> Oh dear, who told you that only root could use ldbsearch and that it only
> works on a DC ?
>
> rowland at devstation:~/programming/git$ ldbsearch -H ldap://dc1 -b
> 'cn=Users,dc=samdom,dc=example,dc=com' -s sub
> '(&(objectclass=user)(samaccountname=rowland))' -U rowland
> Password for [SAMDOM\rowland]:
> # record 1
> dn: CN=Rowland Penny,CN=Users,DC=samdom,DC=example,DC=com
> cn: Rowland Penny
> sn: Penny
> givenName: Rowland
> instanceType: 4
> whenCreated: 20151109093821.0Z
> displayName: Rowland Penny
> uSNCreated: 3871
> name: Rowland Penny
> objectGUID: 28103293-9fc9-4681-b19c-ae1150fe2b72
> badPwdCount: 0
> codePage: 0
> countryCode: 0
> badPasswordTime: 0
> lastLogoff: 0
> primaryGroupID: 513
> objectSid: S-1-5-21-1768301897-3342589593-1064908849-1107
> logonCount: 0
> sAMAccountName: rowland
> sAMAccountType: 805306368
> userPrincipalName: rowland at samdom.example.com
> objectCategory:
> CN=Person,CN=Schema,CN=Configuration,DC=samdom,DC=example,DC=c
>  om
> pwdLastSet: 130915355010000000
> uid: rowland
> msSFU30Name: rowland
> msSFU30NisDomain: samdom
> uidNumber: 10000
> unixHomeDirectory: /home/rowland
> loginShell: /bin/bash
> userAccountControl: 66048
> accountExpires: 0
> gidNumber: 10000
> objectClass: top
> objectClass: securityPrincipal
> objectClass: person
> objectClass: organizationalPerson
> objectClass: user
> gecos: Rowland Penny
> memberOf: CN=DnsAdmins,CN=Users,DC=samdom,DC=example,DC=com
> homeDirectory: \\DC1\rowland
> lastLogonTimestamp: 131120934392797250
> whenChanged: 20160704081039.0Z
> uSNChanged: 245201
> lastLogon: 131121071311154780
> distinguishedName: CN=Rowland Penny,CN=Users,DC=samdom,DC=example,DC=com
>
> Rowland
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>


More information about the samba mailing list