[Samba] Normal users do not see memberOf and userAccountControl LDAP attributes

shacky shacky83 at gmail.com
Mon Nov 14 18:21:40 UTC 2022

I am connecting an application to Samba using a "service" account
(basically an Active Directory "normal" user account).

I realised that to have access to some attributes of all users (for example
"memberOf" and "userAccountControl") this user should be part of the Domain
Admin group, else it has access only to all its own attributes, and it
shows only a partial set of attributes for every other user.

I think this is a normal security approach, but I don't want to use a
Domain Admin account for applications.

For this reason I am wondering which permissions I should give to this
service user to access all other users' LDAP attributes.

Thank you very much!
