[Samba] [Samba as AD] ACLs on LDAP attributes?

mathias dufresne infractory at gmail.com
Tue Jun 28 13:53:11 UTC 2016


Thank you Rowland : )

I did read about that attribute once or twice; every time I deeply hoped
not to have to deal with it one day... And I should have thought about them as I
already read about them and because passwords are not shown either...

Thank you again.

2016-06-28 15:22 GMT+02:00 Rowland penny <rpenny at samba.org>:

> On 28/06/16 14:07, mathias dufresne wrote:
>
>> Hi all,
>>
>> We are thinking of hiding some attribute contents from almost everyone except
>> those we decide can read them. It is possible with real LDAP servers such as
>> OpenLDAP, but is it with the LDAP server shipped with Samba 4 working as AD?
>>
>> About accessing the whole tree, I believe that Samba as AD refuses any
>> unauthenticated query. Is that true? I did test that but my search could
>> be wrong, or perhaps the default configuration makes authentication
>> necessary but this configuration could be changed. In that case I would
>> like to know how to change that behaviour to avoid changing it by mistake : )
>>
>> Best regards,
>>
>> mathias
>>
>
> Try investigating the 'nTSecurityDescriptor' attribute, which funnily
> enough is a hidden attribute; this contains the ownership and permissions
> of an AD object.
>
> You will probably need to read this as well:
> https://msdn.microsoft.com/en-us/library%28d=robot%29/aa379570%28d=robot,l=en-us,v=vs.85%29.aspx
>
> Rowland
>


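Added example, not part of the original thread: a small Python sketch that takes the SDDL string form of an object's nTSecurityDescriptor and lists which trustees have ACEs allowing or denying read-property on one attribute. The SDDL string, the SIDs and the attribute GUID are constructed sample values, and the function names are hypothetical; conditional ACEs and generic rights (GA/GR/GW/GX) are assumed absent.

```python
import re

# SDDL right codes for directory objects -> access-mask bits
RIGHTS = {"CC": 0x1, "DC": 0x2, "LC": 0x4, "SW": 0x8, "RP": 0x10, "WP": 0x20,
          "DT": 0x40, "LO": 0x80, "CR": 0x100, "SD": 0x10000, "RC": 0x20000,
          "WD": 0x40000, "WO": 0x80000}
HEAD = re.compile(r"^O:(S-[\d-]+|[A-Z]{2})G:(S-[\d-]+|[A-Z]{2})D:([A-Z]*)((?:\([^()]*\))*)")
# Constructed sample: placeholder attribute GUID and made-up domain SIDs
ATTR = "11111111-2222-3333-4444-555555555555"
SAMPLE = ("O:DAG:DAD:AI"
          f"(OD;;RP;{ATTR};;S-1-5-21-1-2-3-1110)"
          f"(OA;;RP;{ATTR};;S-1-5-21-1-2-3-1105)"
          "(A;;RPLCRC;;;AU)(OA;CIIO;RP;;;DU)")

def parse_sddl(sddl):
    """Return (owner, group, aces); each ACE is a dict of its six SDDL fields."""
    m = HEAD.match(sddl)
    if not m:
        raise ValueError("expected O:..G:..D:.. with simple (non-conditional) ACEs")
    names = ("type", "flags", "rights", "object", "inherit_object", "trustee")
    aces = []
    for body in re.findall(r"\(([^()]*)\)", m.group(4)):
        fields = body.split(";")
        if len(fields) != 6:
            raise ValueError("unsupported ACE: " + body)
        aces.append(dict(zip(names, fields)))
    return m.group(1), m.group(2), aces

def mask_of(rights):
    """Turn a rights field (hex mask or two-letter codes) into an integer mask."""
    if rights.lower().startswith("0x"):
        return int(rights, 16)
    mask = 0
    for i in range(0, len(rights), 2):
        mask |= RIGHTS[rights[i:i + 2]]
    return mask

def read_prop_aces(sddl, attr_guid):
    """List trustees whose ACEs allow or deny read-property (RP) on attr_guid."""
    # Limitation: an object GUID naming a property set is not resolved to its attributes.
    result = {"allow": [], "deny": []}
    for ace in parse_sddl(sddl)[2]:
        flags = [ace["flags"][i:i + 2] for i in range(0, len(ace["flags"]), 2)]
        if "IO" in flags:  # inherit-only: applies to child objects, not this one
            continue
        kind = {"A": "allow", "OA": "allow", "D": "deny", "OD": "deny"}.get(ace["type"])
        applies = ace["object"] == "" or ace["object"].lower() == attr_guid.lower()
        if kind and applies and mask_of(ace["rights"]) & RIGHTS["RP"]:
            result[kind].append(ace["trustee"])
    return result
```

`read_prop_aces(SAMPLE, ATTR)` reports the matching ACEs only; it does not compute effective access, which also depends on ACE order and on the group memberships of the requesting account.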