[Samba] Accidental zone deletion

[Rowland penny]

On 22/06/2021 08:45, Prasad Dwarapureddi via samba wrote:
> Hi,
>
> We are trying to build the Admin function delegation on OU in the UI we are
> designing. Is there any command in Samba or any python binding that will
> help us achieve this?
>
> Below is the output we get after executing command  - samba-tool delegation
> --help
>
> Available subcommands:
>    add-service       - Add a service principal as msDS-AllowedToDelegateTo.
>    del-service       - Delete a service principal as
> msDS-AllowedToDelegateTo.
>    for-any-protocol  - Set/unset UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION
> (S4U2Proxy) for an account.
>    for-any-service   - Set/unset UF_TRUSTED_FOR_DELEGATION for an account.
>    show              - Show the delegation setting of an account.
>
> After executing samba-tool delegation add-service --help
>
> Usage: samba-tool delegation add-service <accountname> <principal> [options]
> Options:
>    -h, --help            show this help message and exit
>    -H URL, --URL=URL     LDB URL for database or target server
>
>  From the commands we have below questions
>
> 1) There is no <option> for passing the OU name in the "add-service"
> subcommand.
> 2) What are all the possible inputs, we can pass in the for "principal"
> parameter in the "add-service" subcommand.
> 3) Where we will get all the user/group accounts information about
> delegated tasks on a specific OU.
>
>
>
> *Thanks and Regards,*
>
> *Durga Prasad D*


Please do not ask the same question multiple times and do not hijack 
threads.

It is probable that nobody has answered your question because no one 
knows. I know little about delegation, so I cannot help further, but if 
it is possible to set delegation on an OU, then patches to make 
samba-tool do this would be most welcome. The same goes for your other 
problems.

Rowland