Hello,
Not sure if this is the right forum for this question, but since I am running a Samba4 DC I thought I'd start here. I have create a separate OU to manage Groups and Users for Applications: 1) ou=myappX,ou=app,dc=mydomain,dc=home All Users (and other groups, e.g. Domain Users) are obviously found in : 2) cn=users,dc=mydomain,dc=home So I created a service account that has "Full Control" on the separate OU (1). And I am trying to give this service account the rights to add/remove users and groups to my OU groups. I seem to have 2 problems: 1) Even if I give this service account "Full Control" on (2) where the users are, it only works with newly created users (the rights do not get inherited and I have not come across a good post on how to do that) 2) If I give rights to Read/Write the "memberOf" property, I have the same result - it simply does not work (I tried this by giving permissions on a single user and then trying to assign him to a group). Actually, even if I give "Full Control" on a single user, I cannot assign him one of my groups. Any hints of where or how I should approach this? Cheers & thx, Andreas -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
