How to do an Active Directory W2k3 security task (ACL or whatever)?

  • Question

  • Hello,

    I have an LDAP client application using AD as its database.

    I've created a user account, i.e. John Smith, with login "johns" and password "qwerty", with a DN like: CN=John Smith,CN=Users,DC=domain,DC=com.

    I've delegated control over the domain at the user's account for the SELF object to create/delete/modify the self object and all child objects.

    I'm using the LDAP simple bind method to bind to AD. After binding, my application creates an organizationalUnit named "Private" under the DN it's been bound as (John Smith's DN):

    OU=Private,CN=John Smith,CN=Users,DC=domain,DC=com.

    As I'm checking with ADSIedit, OU=Private inherits the security options, but in the ACL there's the SELF object, not the johns object.

    So if my application tries to add the contact Mark Carlos into OU=Private,CN=John Smith,CN=Users,DC=domain,DC=com as CN=Mark Carlos,OU=Private,CN=John Smith,CN=Users,DC=domain,DC=com, it won't have suitable access rights. It would work if I had bound for OU=Private,CN=John Smith,CN=Users,DC=domain,DC=com.

    So, does anyone know how to propagate user (not owner) access rights to all its child objects?

    Any suggestion would be great!

    Best regards.

    Wednesday, September 8, 2010 9:40 AM
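An added example, not part of the thread above, that shows how the situation in the question can be inspected and corrected from the administrator's side. It assumes the RSAT ActiveDirectory module and the sample DNs from the post (johns, OU=Private under John Smith's DN); those are the poster's values, not mine. The point it illustrates: SELF (S-1-5-10) is a placeholder SID that the access check substitutes with the SID of the object being accessed, so an ACE for SELF only ever grants a user rights on their own account object; an OU or contact has no SID of its own, and an inherited SELF ACE on OU=Private never resolves to johns. Propagating rights to child objects therefore means an explicit ACE for the user's own SID with inheritance set, scoped to the OU rather than delegated domain-wide.

```powershell
# Added example (not from the thread): replace reliance on SELF with an explicit,
# inheritable ACE for the user's SID on the OU the application created.
# Assumes the RSAT ActiveDirectory module and the DNs used in the question.
Import-Module ActiveDirectory

$userSam = 'johns'                                                    # from the question
$ouDn    = 'OU=Private,CN=John Smith,CN=Users,DC=domain,DC=com'       # from the question
$aclPath = "AD:\$ouDn"

$user = Get-ADUser -Identity $userSam
$sid  = [System.Security.Principal.SecurityIdentifier]$user.SID

# Before: list which ACEs on the OU are for SELF and which are for johns.
# Expect to see only NT AUTHORITY\SELF entries marked IsInherited = True.
$acl = Get-Acl -Path $aclPath
$acl.Access |
    Where-Object { $_.IdentityReference -match 'SELF' -or $_.IdentityReference -match $userSam } |
    Select-Object IdentityReference, ActiveDirectoryRights, InheritanceType, IsInherited |
    Format-Table -AutoSize

# Grant johns the minimum needed to manage entries under OU=Private:
# create/delete child objects and write properties, inherited by all descendants.
# Scoped to this OU only; nothing is granted at the domain level.
$rights = [System.DirectoryServices.ActiveDirectoryRights]::CreateChild -bor
          [System.DirectoryServices.ActiveDirectoryRights]::DeleteChild -bor
          [System.DirectoryServices.ActiveDirectoryRights]::WriteProperty

$ace = New-Object System.DirectoryServices.ActiveDirectoryAccessRule(
    $sid,
    $rights,
    [System.Security.AccessControl.AccessControlType]::Allow,
    [System.DirectoryServices.ActiveDirectorySecurityInheritance]::All)

$acl.AddAccessRule($ace)
Set-Acl -Path $aclPath -AclObject $acl

# After: verify the explicit ACE is present and will be inherited by
# CN=Mark Carlos,OU=Private,... once the application creates it.
(Get-Acl -Path $aclPath).Access |
    Where-Object { $_.IdentityReference -match $userSam } |
    Select-Object IdentityReference, ActiveDirectoryRights, InheritanceType, IsInherited |
    Format-Table -AutoSize
```

Run this as an account that already holds WriteDacl on OU=Private (the domain admin who did the delegation). The ACE is anchored to the user's SID rather than to SELF, so objects later created beneath the OU inherit an entry that actually resolves to johns at access-check time, which is the propagation the question asks about; checking the ACL again after Set-Acl confirms the entry without needing the LDAP client to attempt the add.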