Security Basics mailing list archives
Restricting LDAP search permissions in AD2003
From: "Paul Deasy" <paul.deasy () gmail com>
Date: Wed, 19 Mar 2008 16:41:36 +0000
I have had a couple of requests to have some internal intranet apps configured so end-users could log in via SSO (authenticating against our AD2003 database). I'm trying to set up an AD2003 user account, which would be used when configuring the LDAP authentication of the webapp, but I'm a bit concerned that a basic domain-user level account would be able to do more than just query the AD database with an LDAP query. I'm trying to ensure that the user account would only be able to check permissions of a security group.

Does anyone have (or know of) any recommended access controls for such a user account setup? I want to be sure that this user account cannot be used to modify user account permissions.

Any suggestions would be much appreciated.

PaulD