Can I add an AccessControlEntry (ACL/ACE) in Active Directory with LDIF files and ldapadd? With OpenLDAP / Oracle Directory it seems to be possible.
I've tried:
    ## delegate Control / add ACI
    dn: OU=nocluster2,OU=AWS-myaccount,OU=BigData,DC=BLA,DC=COMPANY,DC=COM
    changetype: modify
    add: aci
    aci: (targetattr="*")(version 3.0; acl "give csmith full rights"; allow(all) userdn = "ldap:///CN=noclusteradm2,OU=nocluster2,OU=AWS-myaccount,OU=BigData,DC=BLA,DC=COMPANY,DC=COM";)
Of course I get the error
    ldap_modify: No such attribute (16)
    additional info: 00000057: LdapErr: DSID-0C090F64, comment: Error in attribute conversion operation, data 0, v3839
I have to run these commands from Linux/Ansible and avoid PowerShell/DACL.exe/Windows calls etc.