[Samba] [Samba as AD] ACLs on LDAP attributes?

mathias dufresne infractory at gmail.com
Tue Jun 28 13:53:11 UTC 2016

Thank you Rowland : )

I did read about that attribute once or twice, every time I deeply hoped to
not have to deal with one day... And I should have think about them as I
already read about them and because passwords are not shown too...

Thank you again.

2016-06-28 15:22 GMT+02:00 Rowland penny <rpenny at samba.org>:

> On 28/06/16 14:07, mathias dufresne wrote:
>> Hi all,
>> We are thinking to hide some attribute contents to almost everyone but
>> those we decide they can read it. It is possible with real LDAP servers as
>> OpenLDAP but is it with LDAP server shipped with Samba 4 working as AD?
>> About accessing the whole tree I believe that Samba as AD refuses any
>> unauthenticated query. Is that true? I did tested that but my search could
>> be wrong or perhaps the default configuration makes authentication
>> necessary but this configuration could be changed. In that case I would
>> know how to change that behaviour to avoid changing it by mistake : )
>> Best regards,
>> mathias
> Try investigating the 'nTSecurityDescriptor' attribute, which funnily
> enough is an hidden attribute, this contains the ownership and permissions
> of an AD object.
> You will probably need to read this as well:
> https://msdn.microsoft.com/en-us/library%28d=robot%29/aa379570%28d=robot,l=en-us,v=vs.85%29.aspx
> Rowland
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list