On 1/25/2016 4:37 PM, Rowland penny wrote:
> On 25/01/16 19:37, James wrote:
>> Hello,
>>
>> I'm able to successfully authenticate Snipe-IT against Samba.
>> However looking through the documentation for the ldap config.
>>
>> http://docs.snipeitapp.com/manual/user-management/index.html
>>
>> I see LDAP Bind Username cn=read-only-admin,dc=example,dc=com. How
>> do I create a read only user in Samba? Thanks.
>>
>
> How are you running Samba? As an AD DC or something else?
>
> Rowland
>

As an AD DC.

--
-James
Rowland penny
2016-Jan-26 13:09 UTC
[Samba] Snipe-IT ldap integration / Create read only user
On 26/01/16 12:48, James wrote:
> On 1/25/2016 4:37 PM, Rowland penny wrote:
>> On 25/01/16 19:37, James wrote:
>>> Hello,
>>>
>>> I'm able to successfully authenticate Snipe-IT against Samba.
>>> However looking through the documentation for the ldap config.
>>>
>>> http://docs.snipeitapp.com/manual/user-management/index.html
>>>
>>> I see LDAP Bind Username cn=read-only-admin,dc=example,dc=com. How
>>> do I create a read only user in Samba? Thanks.
>>>
>>
>> How are you running Samba? As an AD DC or something else?
>>
>> Rowland
>>
> As an AD DC.
>

In which case it is easy, especially as the page you linked to has 'Example' above the user DN you posted.

Using your favourite way of creating AD users, create a user, that's it! The user will have read-only access to AD and read/write access to its own AD object.

You should be aware that the user, by default, will be created in 'CN=Users,DC=example,DC=com' not in 'DC=example,DC=com' as shown on the linked page.

Rowland
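The steps Rowland describes, as an added example that is not part of the original thread: an ordinary, unprivileged account created with samba-tool, and the bind DN it gets under CN=Users. The account name `snipeit-bind`, the realm `example.com` and the function names are assumptions.

```shell
#!/bin/sh
# Added example. Constructed values: account "snipeit-bind", realm "example.com".

# Turn a DNS realm (example.com) into the domain base DN (DC=example,DC=com).
realm_to_base_dn() {
    printf '%s' "$1" |
        awk -F. '{ for (i = 1; i <= NF; i++) printf "%sDC=%s", (i > 1 ? "," : ""), $i }'
}

# Bind DN of an account created with defaults: it lives in CN=Users, not
# directly under the base DN. With no given name or surname set, samba-tool
# uses the account name as the CN.
bind_dn() {  # $1 = account name, $2 = realm
    case "$1" in
        ''|*[!A-Za-z0-9._-]*)
            # Names with DN special characters would need RFC 4514 escaping.
            echo "unsupported account name: $1" >&2
            return 1 ;;
    esac
    printf 'CN=%s,CN=Users,%s' "$1" "$(realm_to_base_dn "$2")"
}

# Create the account (run as root on the DC). It is added to no privileged
# group, so it keeps the default rights of an ordinary domain user.
# setpassword prompts for the password that Snipe-IT will be configured with.
create_bind_user() {  # $1 = account name
    samba-tool user create "$1" --random-password \
        --description="LDAP bind account for Snipe-IT" &&
    samba-tool user setpassword "$1" &&
    samba-tool user setexpiry "$1" --noexpiry
}

# Check that the account can bind and read (simple bind over TLS, password prompted).
verify_bind() {  # $1 = account, $2 = realm, $3 = DC host name
    ldapsearch -x -H "ldaps://$3" -D "$(bind_dn "$1" "$2")" -W \
        -b "$(realm_to_base_dn "$2")" "(sAMAccountName=$1)" dn
}

# Print the DN to enter as "LDAP Bind Username" for the constructed values.
bind_dn snipeit-bind example.com && echo
```
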
Sébastien Le Ray
2016-Jan-26 16:59 UTC
[Samba] Snipe-IT ldap integration / Create read only user
On 26/01/2016 14:09, Rowland penny wrote:
>
> In which case it is easy, especially as the page you linked to has
> 'Example' above the user DN you posted.
> Using your favourite way of creating AD users, create a user, that's
> it! The user will have read-only access to AD and read/write access to
> its own AD object.
>
> You should be aware that the user, by default, will be created in
> 'CN=Users,DC=example,DC=com' not in 'DC=example,DC=com' as shown on
> the linked page

You may also add a GPO to prevent such users from logging in by putting them in a specific group and listing it in « prevent local login »/« prevent TSE login » (inaccurate translation)

Regards