Re: Access Control to LDAP on AD?
-
Date: 10/17/05
- Previous message: ertanzanagar_at_comcast.net: "Re: CAPICOM error -2138568448: The requested operation is not supported in this platform"
- In reply to: Roger Abell [MVP]: "Re: Access Control to LDAP on AD?"
- Next in thread: Alun Jones: "Re: Access Control to LDAP on AD?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 17 Oct 2005 14:57:43 -0400
So, there's no solution?
"Roger Abell [MVP]" <mvpNoSpam@asu.edu> wrote in message
news:Odue6pU0FHA.2008@TK2MSFTNGP10.phx.gbl...
>I believe you can not realistically do that as an account will at times
> be issuing Ldap queries, behind the scenes, sometimes against
> the GCs, just to function as a domain client. Also, not all Ldap
> queries are authenticated queries so if your objective is to
> avoid a potential DoS from malicious queries they may try to
> side-step your efforts using unauthenticated binds if they are
> allowed to communicate with the ldap and gc ldap ports.
>
> --
> Roger Abell
> Microsoft MVP (Windows Server : Security)
> MCDBA, MCSE W2k3+W2k+Nt4
> <-> wrote in message news:uL$IzaS0FHA.3188@TK2MSFTNGP14.phx.gbl...
>> Is there a way to block certain user accounts from performing LDAP
>> queries on Active Directory?
>>
>> If anyone could let me know I would be most appreciative.
>>
>
>
- Previous message: ertanzanagar_at_comcast.net: "Re: CAPICOM error -2138568448: The requested operation is not supported in this platform"
- In reply to: Roger Abell [MVP]: "Re: Access Control to LDAP on AD?"
- Next in thread: Alun Jones: "Re: Access Control to LDAP on AD?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
