Kristof Bruyninckx wrote:
> Entry in the /etc/samba/smb.conf
> snip "
> ldap ssl = no
> ldap admin dn = uid=samba,ou=Idmap,dc=thales,dc=be
> ldap idmap suffix = ou=idmap
> ldap suffix = dc=thales,dc=be
> idmap backend = ldap:ldap://127.0.0.1
> snip"
>
> Also fixed the ACL (I think...) :
>
> Changed the ACL part in the /etc/openldap/slapd.conf to the following
>
> access to attr=userPassword
>         by self write
>         by anonymous auth
>         by dn.base="uid=samba,ou=Idmap,dc=thales,dc=be" write
>         by * none
> access to *
>         by self write
>         by users read
>         by dn.base="uid=samba,ou=Idmap,dc=thales,dc=be" write

ACLs are evaluated "in order", the first match wins (see man slapd.access).
Here is a (simple) example:

# give everyone read access to the RootDSE and subschema
access to dn.base=""
        by * read
access to dn.base="cn=subschema"
        by * read

#protect passwords
access to attrs=userPassword
        by dn.base="uid=samba,ou=Idmap,dc=thales,dc=be" write
        by self write
        by anonymous auth
        by * none

# very permissive but this is no problem as long as there are
# not other sensible entries in the directory like user objects.
access to *
        by dn.base="uid=samba,ou=Idmap,dc=thales,dc=be" write
        by self write
        by users read
        by * none

hth
Paul
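
Added example, not part of the original post and not OpenLDAP code: a simplified Python model of the "first match wins" rule, applied to the userPassword and catch-all clauses from the reply. The function names and the swapped BAD_ORDER list are constructed for illustration; only the <what>/<who> forms used in this thread are handled.

```python
# Simplified model of slapd ACL selection (see slapd.access(5)); covers only
# the <what>/<who> forms used in this thread, with the default "stop" control.
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write", "manage"]
SAMBA = "uid=samba,ou=Idmap,dc=thales,dc=be"

# Each rule: (attribute filter or None for "*", [(who, level), ...])
PASSWORD_RULE = ("userPassword", [("dn.base=" + SAMBA, "write"), ("self", "write"),
                                  ("anonymous", "auth"), ("*", "none")])
CATCH_ALL = (None, [("dn.base=" + SAMBA, "write"), ("self", "write"),
                    ("users", "read"), ("*", "none")])

GOOD_ORDER = [PASSWORD_RULE, CATCH_ALL]   # order used in the reply above
BAD_ORDER = [CATCH_ALL, PASSWORD_RULE]    # constructed: same rules, swapped


def who_matches(who, bind_dn, entry_dn):
    """True if the <who> clause applies to the bound identity (None = anonymous)."""
    if who == "*":
        return True
    if who == "anonymous":
        return bind_dn is None
    if who == "users":
        return bind_dn is not None
    if who == "self":
        return bind_dn is not None and bind_dn.lower() == entry_dn.lower()
    if who.startswith("dn.base="):
        return bind_dn is not None and bind_dn.lower() == who[len("dn.base="):].lower()
    raise ValueError("unsupported <who>: " + who)


def granted(acl, bind_dn, entry_dn, attr):
    """Level granted: first matching 'access to', then first matching 'by'."""
    for attr_filter, by_clauses in acl:
        if attr_filter is not None and attr_filter.lower() != attr.lower():
            continue
        for who, level in by_clauses:
            if who_matches(who, bind_dn, entry_dn):
                return level
        return "none"   # implicit "by * none" closes every clause
    return "none"       # implicit "access to * by * none" closes the list


def allows(acl, bind_dn, entry_dn, attr, wanted):
    """True if the granted level is at least the wanted level."""
    return LEVELS.index(granted(acl, bind_dn, entry_dn, attr)) >= LEVELS.index(wanted)
```

With the catch-all clause first, every authenticated user is granted read on other entries' userPassword and anonymous drops to none, so the auth needed for simple binds is lost. On a real server, slapacl(8) checks the same question against the actual slapd configuration.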