Buchan Milne wrote:
I assume this is for use by samba.
But, what dn is actually going to make these changes? Is it *really* the DN of
real users (members of the samba group Domain Admins), or is it using the DN
you have configured for samba/smbldap-tools (or similar) etc (with samba
controlling the use of this dn via rights).
In my case it is really DN of real users. People in Samba group Domain
Admins are granted an access to do what I described above (with
smbldap-tools), but what I really want is that all DNs in group Domain
Admins would have similar rights also when performing similar actions on
command line with ldap{search|add|modify|delete} commands, or more
precisely I want these people to access my LDAP directory with phpldapadmin.
> Well, I instead use a groupOfNames cn=Domain Controllers, have DN's
for each
host, and add those as member's of cn=Domain Controllers, and give that group
rights to create users.
You may be interested in this example:
http://cvs.mandriva.com/cgi-bin/cvsweb.cgi/SPECS/openldap/slapd.access.conf
Ok, I'll do that. Thanks!
Which also shows that you don't need a huge list of attributes, use the
objectclass instead (ie @sambaSamAccount).
Note that the samba aspects of this are quite off-topic ...
Regards,
Buchan
Cheers,
Jukka Hienola
