How to create a LDAP service account user and assign permissions

Posted by Shawn Anthony on July 10, 2006, 11:21 am
I want to set up an account in AD that allows some third-party systems to
query the AD using LDAP or secure LDAP to validate users' credentials. We
have systems like WebSense that need to use a special LDAP account that has
rights to validate users' IDs and passwords before they are allowed access to
the Internet.

How do I get this to work?



Posted by Mrunyon on July 10, 2006, 12:43 pm
Hey...I have the same issue. I have someone wanting to set up a "Jabber"
server on Linux. Anyone answer your question?

--
Matty


"Shawn Anthony" wrote:

> I want to set up an account in AD that allows some third-party systems to
> query the AD using LDAP or secure LDAP to validate users' credentials. We
> have systems like WebSense that need to use a special LDAP account that has
> rights to validate users' IDs and passwords before they are allowed access to
> the Internet.
>
> How do I get this to work?
>
>

Posted by Joe Richards [MVP] on July 10, 2006, 5:03 pm
If you are using Active Directory, you simply create a user account. As
for how to configure the application, that depends on the application.
AD allows specifying credentials with several formats for LDAP binding
such as domain\userid, userprincipalname (like joe@domain.com), and DN.

joe

--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net


---O'Reilly Active Directory Third Edition now available---

http://www.joeware.net/win/ad3e.htm



Shawn Anthony wrote:
> I want to set up an account in AD that allows some third-party systems to
> query the AD using LDAP or secure LDAP to validate users' credentials. We
> have systems like WebSense that need to use a special LDAP account that has
> rights to validate users' IDs and passwords before they are allowed access to
> the Internet.
>
> How do I get this to work?
>
>

Posted by Roger Abell [MVP] on July 11, 2006, 1:59 am
Please clarify your post.
The subject says you need to create "a LDAP service account",
but the body of your post only indicates that you need an account
that can validate user credentials. As Joe indicated, any account
can do the last (but do use good safeguards in how you collect the
uid/pwd used in the validation). If however you are setting up a
Kerberos based service to be used by these third-party systems,
then please indicate as such.

> I want to set up an account in AD that allows some third-party systems to
> query the AD using LDAP or secure LDAP to validate users' credentials. We
> have systems like WebSense that need to use a special LDAP account that has
> rights to validate users' IDs and passwords before they are allowed access to
> the Internet.
>
> How do I get this to work?
>
>



Posted by S. Pidgorny on July 11, 2006, 4:42 am
I would guess that Websense will provide instructions.

Applications usually verify the users' credentials by reusing those for LDAP
bind - no account is necessary.

--
Svyatoslav Pidgorny, MS MVP - Security, MCSE
-= F1 is the key =-

> I want to set up an account in AD that allows some third-party systems to
> query the AD using LDAP or secure LDAP to validate users' credentials. We
> have systems like WebSense that need to use a special LDAP account that has
> rights to validate users' IDs and passwords before they are allowed access to
> the Internet.
>
> How do I get this to work?
>
>
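
The approach described in the replies above (validate a user by binding to AD with that user's own credentials, using one of the bind-name formats Joe Richards lists), as an added example that is not part of the original thread. It assumes the third-party `ldap3` library; the domain names, host name and function names are constructed for illustration.

```python
import re
import ssl

# Constructed values for illustration; replace with your own domain details.
NETBIOS_DOMAIN = "CORP"
DNS_DOMAIN = "corp.example.com"
LDAPS_HOST = "dc01.corp.example.com"
_ACCOUNT = re.compile(r"[A-Za-z0-9._-]{1,64}")


def bind_name(account, style="upn"):
    """Build a bind name in domain\\userid or userPrincipalName form."""
    if not _ACCOUNT.fullmatch(account):
        raise ValueError("unexpected characters in account name")
    if style == "down_level":
        return f"{NETBIOS_DOMAIN}\\{account}"
    return f"{account}@{DNS_DOMAIN}"


def ldaps_bind(name, password, host=LDAPS_HOST):
    """Simple bind over LDAPS (port 636) with certificate validation."""
    from ldap3 import SIMPLE, Connection, Server, Tls  # pip install ldap3
    tls = Tls(validate=ssl.CERT_REQUIRED)  # refuse unverified certificates
    server = Server(host, port=636, use_ssl=True, tls=tls)
    conn = Connection(server, user=name, password=password,
                      authentication=SIMPLE)
    try:
        return conn.bind()  # False when the credentials are rejected
    finally:
        conn.unbind()


def validate_user(account, password, bind=ldaps_bind):
    """Check a password by binding as the user; no service account needed."""
    # A simple bind with a name and an empty password is an "unauthenticated
    # bind" (RFC 4513, section 5.1.2) that a directory server may accept,
    # so an empty password must never reach the server.
    if not password:
        return False
    try:
        name = bind_name(account)
    except ValueError:
        return False
    return bool(bind(name, password))
```

The `bind` parameter exists so the checks can be exercised without a domain controller; in production the default `ldaps_bind` is used, which sends the password only over a validated TLS channel.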


