I think you could but it would be non-trivial, I agree with
Al, use a different tool. dsacls or scripting is the
"standard".
Theoretically, and Dmitri or Eric can correct me if I am
off, you could create your Security Descriptor in SDDL format, convert
that to the binary form, then mime encode it, then try to apply that string for
the ntSecurityDescriptor attribute. You will likely have to do it as an
Administrator or else you will get an error since non-admins have to set special
controls to update the security descriptor and I don't think LDIFDE will do
it.
joe
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Al Mulnick
Sent: Friday, October 06, 2006 4:36 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Using an LDIF to set ACLs
There's no provision in the ldif standard that I'm aware of that would
allow this. LDIFDE might have something with it, but I haven't seen it.
You'd be better off using a different tool in my opinion.
Al
On 10/6/06, Isenhour,
Joseph <[EMAIL PROTECTED]>
wrote:
Does anyone know if it's possible to set Directory ACLs using an LDIF?
I'm trying to enforce a process for setting ACLs that is similar to the
process we have for making Schema extensions.
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx
