Michael Gasch
2005-Jul-29 12:13 UTC
[Samba] How to prevent users from deleting users from domain via usrmgr.exe ???
hi, weird thing: i thought when commenting out "delete user script" and "ldap delete dn" nobody is able to delete users from the domain. what happens: users are deleted, to be more specific their samba attributes are deleted but not their posix values. i won't let our admins delete users from our domain becaus we have another management to add/delete users to/from a domain. adding does not work already because samba does not find posix account information and add user script is set to "blank". i thought of setting delete user script to blank but samba does not care about that and deletes only samba attributes. to be clear: none of the attributes of a user should be removed!!! any help without patching the source? thx -- Michael Gasch Max Planck Institute for Evolutionary Anthropology Department of Human Evolution Deutscher Platz 6 D-04103 Leipzig Germany Phone: 49 (0)341 - 3550 137
Louis van Belle
2005-Jul-29 12:39 UTC
[Samba] How to prevent users from deleting users from domain via usrmgr.exe ???
You should use the LDAP access rights to do this. http://www.idealx.org/prj/samba/smbldap-howto.en.html read section 5 and section 11.1.1 good luck>-----Oorspronkelijk bericht----- >Van: samba-bounces+louis=van-belle.nl@lists.samba.org >[mailto:samba-bounces+louis=van-belle.nl@lists.samba.org] >Namens Michael Gasch >Verzonden: vrijdag 29 juli 2005 14:15 >Aan: samba@lists.samba.org >Onderwerp: [Samba] How to prevent users from deleting users >from domain via usrmgr.exe ??? > >hi, > >weird thing: >i thought when commenting out "delete user script" and "ldap >delete dn" >nobody is able to delete users from the domain. > >what happens: users are deleted, to be more specific their samba >attributes are deleted but not their posix values. > >i won't let our admins delete users from our domain becaus we have >another management to add/delete users to/from a domain. > >adding does not work already because samba does not find posix account >information and add user script is set to "blank". > >i thought of setting delete user script to blank but samba >does not care >about that and deletes only samba attributes. > >to be clear: none of the attributes of a user should be removed!!! > >any help without patching the source? > >thx >-- >Michael Gasch >Max Planck Institute for Evolutionary Anthropology >Department of Human Evolution >Deutscher Platz 6 >D-04103 Leipzig >Germany > >Phone: 49 (0)341 - 3550 137 >-- >To unsubscribe from this list go to the following URL and read the >instructions: https://lists.samba.org/mailman/listinfo/samba >
Michael Gasch
2005-Aug-05 13:59 UTC
[Samba] How to prevent users from deleting users from domain via usrmgr.exe ???
hi, that does not really help much, because samba needs to have write permissions to modify samba attributes, which includes the ability of deleting attributes. it would be great, if there were sub-rights (add/modify/delete) in openldap, instead of only "write" thx so far -- Michael Gasch Max Planck Institute for Evolutionary Anthropology Department of Human Evolution Deutscher Platz 6 D-04103 Leipzig Germany Phone: 49 (0)341 - 3550 137
Michal Kurowski
2005-Aug-05 14:15 UTC
[Samba] Re: How to prevent users from deleting users from domain via usrmgr.exe ???
Michael Gasch [gasch@eva.mpg.de] wrote:> > that does not really help much, because samba needs to have write > permissions to modify samba attributes, which includes the ability of > deleting attributes. > > it would be great, if there were sub-rights (add/modify/delete) in > openldap, instead of only "write"Use better Ldap server, ignore the propaganda ;-) -- Michal Kurowski <mkur@poczta.gazeta.pl>
Reasonably Related Threads
- weird problem with smbldap-tools and usrmgr.exe
- The single WINS problem: question
- net rpc vampire / Question or Problem?
- when working with "admin users =" "inherit owner" does not work anymore
- [Fwd: [Problem] Samba v3 Errors when group and user exists with same name]