childersj
asked on
Business objects authentication against active directory/ldap question
We have a new process/reporting service in development and the new server will be running business objects. It is Windows Server 2008 running in an Active Directory 2003 domain. I have a service account that was setup for them to schedule jobs and it has allowed them to work so far. The new requirement is that they integrate the authentication using the LDAP option. I just received a notice from the developers that they are receiving an error message stating "“The secLdap plugin failed to verify the server administration credentials”". Currently the account is set on to only be able to log onto the application server where business objects is installed. Does it also need to be granted logon rights to the domain controllers where the LDAP option is pointed to?
Thanks in advance.
Thanks in advance.
ASKER
That is not correct.
Why do you feel that is not correct?
Did you try the advice?
mlmcc
Did you try the advice?
mlmcc
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I figured out the solution. Assigning domain or enterprise admin rights is not an appropriate course of action. Assigning the correct granular security rights maintains the integrity of the environment while allowing the application to function.
best way is to create a new account, make it part of the domain (and maybe enterprise admins) and tell the developers to use this account.