Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Minimum LDAP Rights

Posted on 2011-09-30
4
Medium Priority
?
290 Views
Last Modified: 2012-05-12
What are the minimum rights needed by an AD account to do LDAP lookups and Authentications.

We currently have a few applications set up to do lookups and authentication, but need to reduce the rights due to security concerns.
0
Comment
Question by:Octel-Node
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 57

Assisted Solution

by:Mike Kline
Mike Kline earned 500 total points
ID: 36893801
By default just a normal user account should do it

http://support.microsoft.com/kb/922836

In the Active Directory directory service for Microsoft Windows Server 2000 and for Microsoft Windows Server 2003, it is difficult to prevent an authenticated user from reading an attribute. Generally, if the user requests READ_PROPERTY permissions for an attribute or for its property set, read access is granted. Default security in Active Directory is set so that authenticated users have read access to all attributes. This article discusses how to prevent read access for an attribute in Windows Server 2003 Service Pack 1 (SP1).

Thanks

Mike
0
 
LVL 24

Accepted Solution

by:
Sandeshdubey earned 500 total points
ID: 36895620
It depends on how you have manipulated perms in AD but normal domain user should be fine.

Just a simple user as authenticated users have permissions all over the
place to read. (unless that was changed)

You also may wanna have a look at:
http://www.petri.co.il/anonymous_lda...ws_2003_ad.htm
http://support.microsoft.com/?id=320528

0
 
LVL 27

Expert Comment

by:Tolomir
ID: 37175646
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0

Featured Post

Enroll in September's Course of the Month

This month’s featured course covers 16 hours of training in installation, management, and deployment of VMware vSphere virtualization environments. It's free for Premium Members, Team Accounts, and Qualified Experts!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses

670 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question