Minimum LDAP Rights

What are the minimum rights needed by an AD account to do LDAP lookups and Authentications.

We currently have a few applications set up to do lookups and authentication, but need to reduce the rights due to security concerns.
Octel-NodeAsked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
SandeshdubeyConnect With a Mentor Senior Server EngineerCommented:
It depends on how you have manipulated perms in AD but normal domain user should be fine.

Just a simple user as authenticated users have permissions all over the
place to read. (unless that was changed)

You also may wanna have a look at:
http://www.petri.co.il/anonymous_lda...ws_2003_ad.htm
http://support.microsoft.com/?id=320528

0
 
Mike KlineConnect With a Mentor Commented:
By default just a normal user account should do it

http://support.microsoft.com/kb/922836

In the Active Directory directory service for Microsoft Windows Server 2000 and for Microsoft Windows Server 2003, it is difficult to prevent an authenticated user from reading an attribute. Generally, if the user requests READ_PROPERTY permissions for an attribute or for its property set, read access is granted. Default security in Active Directory is set so that authenticated users have read access to all attributes. This article discusses how to prevent read access for an attribute in Windows Server 2003 Service Pack 1 (SP1).

Thanks

Mike
0
 
TolomirAdministratorCommented:
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.