Re: Bind to a custom object
- From: "Joe Kaplan" <joseph.e.kaplan@xxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Wed, 7 Mar 2007 17:02:08 -0600
You got the bind working (nice job!) but your ACLs aren't right. If you get
the ACLs set correctly, you can specify that the custom "user" can modify
some or all of their attributes.
The clean way to do this is to use the built-in "SELF" security principal in
your ACLs. This way, you can actually set up all of your permissions to
inherit from the parent container or set the default security descriptor for
your class to contain the ACL entries you need ahead of time without having
to set ACLs individually for each object as you create them. This will make
your life much more simple. :)
Joe K.
--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"Petent" <petent@xxxxx> wrote in message
news:1173306288.518975.82210@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Hi,
I'm using ADAM server on Win 2003 server.
I created a new schema class:
=================================
dn: CN=TUser,CN=Schema,CN=Configuration,CN={X}
changetype: ntdsschemaadd
objectClass: top
objectClass: classSchema
cn: TUser
subClassOf: top
governsID: 2.5.2.3.11.22.1.2.3.1.2.3.2
rDNAttID: uid
showInAdvancedViewOnly: TRUE
adminDisplayName: TUser
adminDescription: TUser
objectClassCategory: 1
lDAPDisplayName: TUser
systemOnly: FALSE
systemPossSuperiors: organizationalUnit
systemPossSuperiors: container
systemMustContain: uid
systemMustContain: uuid
systemAuxiliaryClass: securityPrincipal
systemAuxiliaryClass: msDS-BindableObject
defaultHidingValue: FALSE
defaultObjectCategory: CN=TUser,CN=Schema,CN=Configuration,CN={X}
=================================
Then I create an object "uid=testUserUID, ou=users,dc=test" and set a
password for it.
Bind (ldapbrowser) as "uid=testUserUID, ou=users,dc=test" to
"uid=testUserUID, ou=users,dc=test" is working fine, but I cannot modify
object attributes.
How can I modify my ACLs (I think this is the problem) to bind as
"uid=testUserUID,.." to "uid=testUserUID,.."?
The goal is that this user can change only attributes on himself.
Regards
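
Added example, not part of the original thread or written by either poster: a small Python check for the SELF grants a security descriptor carries, whether it is a class default or an inheritable entry on the parent container, written in SDDL where SELF is the alias `PS`. It assumes rights are given in two-letter SDDL form; the GUIDs and sample descriptors are constructed placeholders.

```python
import re

# SDDL ACE layout: (type;flags;rights;object_guid;inherit_object_guid;trustee)
SELF = ("PS", "S-1-5-10")  # SDDL alias and SID of the SELF principal
# Rights that go beyond editing attribute values on the object itself.
RISKY = {"GA": "generic all", "GW": "generic write", "WD": "write DACL",
         "WO": "write owner", "SD": "delete", "DT": "delete tree",
         "CC": "create child", "DC": "delete child"}

def self_aces(sddl):
    """Return the allow ACEs granted to SELF in the DACL part of an SDDL string."""
    if "D:" not in sddl:
        return []
    dacl = sddl.split("D:", 1)[1].split("S:", 1)[0]  # drop owner/group and SACL
    aces = []
    for body in re.findall(r"\(([^()]*)\)", dacl):
        fields = body.split(";")
        if len(fields) != 6:
            continue  # conditional/resource ACEs are out of scope here
        ace_type, flags, rights, attr, child_class, trustee = fields
        if ace_type in ("A", "OA") and trustee in SELF:
            aces.append({"rights": re.findall("..", rights), "attribute": attr or None,
                         "child_class": child_class or None, "inherit": "CI" in flags})
    return aces

def audit_self(sddl):
    """List what a SELF grant allows beyond writing named attributes."""
    findings = []
    for ace in self_aces(sddl):
        findings += [f"SELF has {RISKY[r]} ({r})" for r in ace["rights"] if r in RISKY]
        if "WP" in ace["rights"] and ace["attribute"] is None:
            findings.append("SELF can write every attribute (WP without attribute GUID)")
    return findings

# Constructed sample descriptors; the GUIDs are placeholders, not real schemaIDGUIDs.
ATTR_GUID = "00000000-0000-0000-0000-000000000001"   # one attribute of TUser
CLASS_GUID = "00000000-0000-0000-0000-000000000002"  # the TUser class
SAMPLES = {
    "class default, all attributes": "D:(A;;RPWP;;;PS)",
    "class default, one attribute": f"D:(A;;RP;;;PS)(OA;;WP;{ATTR_GUID};;PS)",
    "container, inherited by TUser": f"D:(OA;CIIO;RPWP;;{CLASS_GUID};PS)",
    "too broad": "D:(A;;GAWD;;;PS)",
}

if __name__ == "__main__":
    for name, sddl in SAMPLES.items():
        print(f"{name}: {audit_self(sddl) or 'attribute-scoped'}")
```

A default security descriptor on the class applies to objects as they are created, so objects that already exist keep the descriptor they were created with.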