Marek Szuba
2005-Dec-18 15:15 UTC
[Samba] Recommended LDAP access settings for a Samba admin DN
Hello again,

At the moment everything works fine, but I'd like Samba to use a dedicated LDAP access DN instead of the global directory admin one. Could you give me any recommendations as to how access rules should be set for this DN so that it both can work without problems and have no unnecessary privileges?

Regards,
-- MS
Andrey Voitenkov
2005-Dec-19 12:28 UTC
[Samba] Recommended LDAP access settings for a Samba admin DN
Marek Szuba wrote:
> At the moment everything works fine, but I'd like Samba to use a
> dedicated LDAP access DN instead of the global directory admin one.
> Could you give me any recommendations as to how access rules should be
> set for this DN so that it both can work without problems and have no
> unnecessary privileges?

I use the following settings:

--- cut ---
access to dn.subtree="dc=GYRUS,dc=office,dc=local" attrs=sambaLMPassword,sambaNTPassword
    by dn="uid=ssamba,ou=Shadow,dc=office,dc=local" write
    by dn="uid=radiusd,ou=Shadow,dc=office,dc=local" read
    by * none

access to attr=userPassword
    by dn="uid=ssamba,ou=Shadow,dc=office,dc=local" write
    by self write
    by anonymous auth
    by * none

access to dn.subtree="dc=GYRUS,dc=office,dc=local"
    by dn="uid=ssamba,ou=Shadow,dc=office,dc=local" write
    by * read

access to *
    by * read
--- cut ---

The Samba domain is stored under the dc=GYRUS,dc=office,dc=local node; Samba uses the posixAccount record uid=ssamba,ou=Shadow,dc=office,dc=local to access the LDAP server. Maybe it is not the best way, but it works for me.

-- mccloud@
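
A way to check what the rules in the reply above grant to each identity, as an added example that is not part of the original thread: a small first-match evaluator for this ACL text. Assumptions: the function names are made up for the example, DNs are already normalized, and `by dn="..."` is treated as an exact match.

```python
import re

# ACL text transcribed from the post above.
ACL = """
access to dn.subtree="dc=GYRUS,dc=office,dc=local" attrs=sambaLMPassword,sambaNTPassword
    by dn="uid=ssamba,ou=Shadow,dc=office,dc=local" write
    by dn="uid=radiusd,ou=Shadow,dc=office,dc=local" read
    by * none
access to attr=userPassword
    by dn="uid=ssamba,ou=Shadow,dc=office,dc=local" write
    by self write
    by anonymous auth
    by * none
access to dn.subtree="dc=GYRUS,dc=office,dc=local"
    by dn="uid=ssamba,ou=Shadow,dc=office,dc=local" write
    by * read
access to * by * read
"""

def parse(text):
    """Split the text into ordered rules: subtree scope, attribute list, by-clauses."""
    rules = []
    for block in re.split(r"(?m)^access to\s+", text)[1:]:
        what, *bys = re.split(r"\s+by\s+", " ".join(block.split()))
        sub = re.search(r'dn\.subtree="([^"]+)"', what)
        attrs = re.search(r"attrs?=(\S+)", what)
        rules.append({"subtree": sub.group(1).lower() if sub else None,
                      "attrs": attrs.group(1).lower().split(",") if attrs else None,
                      "by": [tuple(b.rsplit(" ", 1)) for b in bys]})
    return rules

def access(rules, who, entry, attr):
    """Level granted to bind DN `who` (None = anonymous) on `attr` of `entry`."""
    entry, attr = entry.lower(), attr.lower()
    for r in rules:
        # The first rule whose <what> covers the entry and attribute is the only one used.
        if r["subtree"] and not ("," + entry).endswith("," + r["subtree"]):
            continue
        if r["attrs"] and attr not in r["attrs"]:
            continue
        for subject, level in r["by"]:  # first matching <who> wins
            if (subject == "*"
                    or (subject == "anonymous" and who is None)
                    or (subject == "self" and who and who.lower() == entry)
                    or (who and subject.lower() == 'dn="%s"' % who.lower())):
                return level
        return "none"  # implicit trailing "by * none"
    return "none"
```

Entries outside dc=GYRUS,dc=office,dc=local fall through to the final `access to * by * read` rule, so the same check is worth running for any entry there that carries Samba password attributes.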