Dumb question regarding LDAP


  • Dumb question regarding LDAP

    OK, I should probably know this, but I had to create an account yesterday to be used as a service account for the purpose of LDAP queries/synchronization. For the sake of expediency, I added the account to the Domain Admins group, to ensure access to all OUs and groups, but I don't want to leave it like that. I do not like giving more security to an account than it needs to work, but I'm not sure what that is in this case. What do I need to do so this account can search LDAP without being a Domain Admin?

  • #2
    Re: Dumb question regarding LDAP

    IIRC read permissions only require "Authenticated User", but anonymous can be enabled.
    http://www.petri.com/anonymous_ldap_...ws_2003_ad.htm
    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    PhD, MSc, FIAP, MIITT
    IT Trainer / Consultant
    Ossian Ltd
    Scotland

    ** Remember to give credit where credit is due and leave reputation points where appropriate **



    • #3
      Re: Dumb question regarding LDAP

      I believe a domain account has read by default. I would highly recommend you always start with minimal permissions and work up to adding them, rather than granting all permissions and removing them.
      cheers
      Andy

      Please read this before you post:


      Quis custodiet ipsos custodes?

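One way to test the question asked in this thread, as an added example that is not part of any post above: list the privileged groups the service account holds, remove the direct Domain Admins membership, then bind over LDAP as the account and compare what it can read with what an admin session reads. The account name `svc-ldap` is a placeholder, and the script assumes the RSAT ActiveDirectory module and a session allowed to edit group membership.

```powershell
# Added example; 'svc-ldap' is a placeholder account name, not from the thread.
# Assumes the RSAT ActiveDirectory module and rights to edit group membership.
Import-Module ActiveDirectory
$Account    = 'svc-ldap'
$Privileged = 'Domain Admins','Enterprise Admins','Schema Admins','Administrators',
              'Account Operators','Server Operators','Backup Operators'

# 1. List every group the account is in, nested membership included.
#    1.2.840.113556.1.4.1941 is AD's "matching rule in chain" for the member attribute.
$user  = Get-ADUser -Identity $Account -Properties PrimaryGroup
$dnEsc = $user.DistinguishedName -replace '\\','\5c' -replace '\(','\28' `
                                 -replace '\)','\29' -replace '\*','\2a'
$groups  = @(Get-ADGroup -LDAPFilter "(member:1.2.840.113556.1.4.1941:=$dnEsc)" |
             ForEach-Object Name)
$groups += (Get-ADGroup -Identity $user.PrimaryGroup).Name  # primary group is not in 'member'
$excess  = @($groups | Where-Object { $Privileged -contains $_ })
"Privileged groups held by ${Account}: " + ($excess -join ', ')

# 2. Drop the direct Domain Admins membership that was added for expediency.
if (Get-ADGroupMember -Identity 'Domain Admins' | Where-Object SamAccountName -eq $Account) {
    Remove-ADGroupMember -Identity 'Domain Admins' -Members $Account -Confirm:$false
}

# 3. Bind over LDAP as the service account (a fresh bind gets a fresh token) and
#    compare its view of the directory with the current admin session's view.
$cred = Get-Credential -UserName $Account -Message 'Service account password'
$base = (Get-ADDomain).DistinguishedName
$root = [System.DirectoryServices.DirectoryEntry]::new(
            "LDAP://$base", $cred.UserName, $cred.GetNetworkCredential().Password)
foreach ($class in 'organizationalUnit','group','user') {
    $s = [System.DirectoryServices.DirectorySearcher]::new($root, "(objectClass=$class)")
    $s.PageSize = 500                       # page past the 1000-object default limit
    [void]$s.PropertiesToLoad.Add('distinguishedName')
    $found = $s.FindAll()
    $asSvc = $found.Count
    $found.Dispose()
    $asAdmin = @(Get-ADObject -LDAPFilter "(objectClass=$class)" -SearchBase $base).Count
    '{0,-20} service account sees {1} of {2}' -f $class, $asSvc, $asAdmin
}
```

Where the two counts differ for a class, the objects the account cannot see need an explicit read ACE delegated on the OU that holds them.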