[Samba] Restrict ldap queries on LDB
Sergio Belkin
sebelk at gmail.com
Wed Dec 22 07:23:54 UTC 2021
Hi,
If I run something like:
ldapsearch -b dc=EXAMPLE,dc=com -D "CN=test,CN=Users,DC=example,DC=com" -ZZ -LLL -H ldap://ldap.example.com -W
I get almost everything about other users (test is an ordinary user).
For example, that user could obtain fields such as:
dn,objectClass,objectClass,objectClass,objectClass,sn,instanceType,whenCreated,uSNCreated,
company,objectGUID,badPwdCount,codePage,countryCode,badPasswordTime,
lastLogoff,primaryGroupID,objectSid,accountExpires,sAMAccountName,
sAMAccountType,userPrincipalName,objectCategory,mail,pwdLastSet,
userAccountControl,memberOf,cn,name,givenName,displayName,
lastLogonTimestamp,whenChanged,uSNChanged,lastLogon,logonCount,
distinguishedName,
Could you please help me restrict the queries? I'd like every
non-Administrator user to be able to get only some attributes, but not everything.
How can I do that using LDB? Is that possible?
Thanks in advance!
--
Sergio Belkin
LPIC-2 Certified - http://www.lpi.org