Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 292
  • Last Modified:

Minimum LDAP Rights

What are the minimum rights needed by an AD account to do LDAP lookups and Authentications.

We currently have a few applications set up to do lookups and authentication, but need to reduce the rights due to security concerns.
0
Octel-Node
Asked:
Octel-Node
2 Solutions
 
Mike KlineCommented:
By default just a normal user account should do it

http://support.microsoft.com/kb/922836

In the Active Directory directory service for Microsoft Windows Server 2000 and for Microsoft Windows Server 2003, it is difficult to prevent an authenticated user from reading an attribute. Generally, if the user requests READ_PROPERTY permissions for an attribute or for its property set, read access is granted. Default security in Active Directory is set so that authenticated users have read access to all attributes. This article discusses how to prevent read access for an attribute in Windows Server 2003 Service Pack 1 (SP1).

Thanks

Mike
0
 
SandeshdubeyCommented:
It depends on how you have manipulated perms in AD but normal domain user should be fine.

Just a simple user as authenticated users have permissions all over the
place to read. (unless that was changed)

You also may wanna have a look at:
http://www.petri.co.il/anonymous_lda...ws_2003_ad.htm
http://support.microsoft.com/?id=320528

0
 
TolomirAdministratorCommented:
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now