[Samba] Limit the ldapsearch command only admin
Rowland Penny
rpenny at samba.org
Wed Mar 15 09:13:05 UTC 2023
On 14/03/2023 15:11, Miguel Angel Coa M. via samba wrote:
> Hi guys,
> I have Samba 4.16 on Rocky Linux 8.5. I use the ldapsearch command with
> an admin account for some tasks and it runs OK, but I discovered that the
> same command runs with a "normal user" and lists all LDAP information.
>
> How can I limit ldapsearch to admin accounts only?
>
> Thanks.
> Regards.
You cannot. This is one of AD's features: any user (that includes
computers) can search AD. There are certain attributes that are
protected and they cannot see them, but they can see pretty much
everything. You could try to stop this by changing every ACL in AD, but
I urge you not to try; you will only end up having to reinstall your AD.
Rowland