On 14/03/2023 15:11, Miguel Angel Coa M. via samba wrote:
> Hi guys,
> I've samba 4.16 on Rocky Linux 8.5. I use the ldapsearch command with
> an admin account for some tasks and it runs OK, but I discovered the same command runs
> with a "normal user" and lists all LDAP information.
>
> How do I limit ldapsearch to only admin accounts?
>
> Thanks.
> Regards.

You cannot; this is one of AD's features: any user (that includes
computers) can search AD. There are certain attributes that are
protected and they cannot see them, but they can see pretty much
everything. You could try to stop this by changing every ACL in AD, but
I urge you not to try; you will only end up having to reinstall your AD.

Rowland