[Samba] LDAP-proxy to Samba DC

Yakov Revyakin yrevyakin at gmail.com
Mon Oct 5 11:08:59 UTC 2020


Hi friends,

I have an application which creates, modifies, reads computer objects in AD
using a specific AD service account. This account must have the following
permissions:

Create Computer Objects
Delete Computer Objects
Read All Properties
Write All Properties
Read Permissions
Modify Permissions
Change Passwords
Reset User Passwords
Validated write to DNS host name
Validated write to service principal name

I need to solve an unusual task - I need to substitute an LDAP request made
by this service account with another request. The difference is that the
original request is made for a trusted domain. The substitution must look
like a request for a resource domain.
So I need to translate the request from the trusted domain to the
resource domain and execute it by a specific account in the resource domain.
After that I need to transform the result of execution back to the trusted
domain.
What do you think, is this possible? For example, using OpenLDAP as an
LDAP proxy.

