[Samba] Limit the ldapsearch command only admin
Miguel Angel Coa M.
miguelcoam at gmail.com
Wed Mar 15 12:27:57 UTC 2023
Hi Rowland.
Thanks for you aclaration
Saludos.
---
Miguel Coa M.
El mié, 15 mar 2023 a las 6:14, Rowland Penny via samba (<
samba at lists.samba.org>) escribió:
>
>
> On 14/03/2023 15:11, Miguel Angel Coa M. via samba wrote:
> > Hi guys,
> > I've samba 4.16 on Rocky Linux 8.5 . I use the ldapsearch command with
> > admin account for some taks and run ok, but discovered the same command
> run
> > with "normal user" and list all ldap information.
> >
> > howto limit the ldapsearch only admin accounts?
> >
> > Thanks.
> > Saludos.
>
> You cannot, this is one of AD's features, any user (that includes
> computers) can search AD. There are certain attributes that are
> protected and they cannot see them, but they can see pretty much
> everything. You could try to stop this by changing every ACL in AD, but
> I urge you not to try, you will only end up having to reinstall your AD.
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
More information about the samba
mailing list