Re: LDAP
- From: "Joe Richards [MVP]" <humorexpress@xxxxxxxxxxx>
- Date: Fri, 16 Dec 2005 18:53:39 -0500
Yep, since this is a read issue then, you should export the data into an ADAM which you can more strictly control. If you start trying to lock down normal user access in AD you will likely break apps.
-- Joe Richards Microsoft MVP Windows Server Directory Services www.joeware.net
JohnB wrote:
Joe, thank you for the response.
By default, all userids belong to the Domain Users group so wherever this group may be used, which I believe it shouldn't, it can go.
I'm concerned, rightfully or wrongfully, that if a multifunction device is compromised, the compromiser, depending on their skill level, may be able to gain access to other parts of the network as mentioned above.
"Joe Richards [MVP]" wrote:
Well, you can't really limit the LDAP ops that a userid can specify, so you are stuck with limiting the access of the user id, though a normal ID has fairly limited rights in the first place except for on their own account. If you really want to lock down what can be seen, consider pointing the devices to an ADAM you populate with the needed data instead.
-- Joe Richards Microsoft MVP Windows Server Directory Services www.joeware.net
JohnB wrote:
We're using several multifunction devices, e.g. copier/printer/scanner, and some have the ability to e-mail a scanned image, which requires a userid to retrieve a user's e-mail from Active Directory ... we're AD 2003 Interim.
With respect to security, how should this userid be configured, e.g. minimal rights and/or possibly limiting the type of LDAP operations?
Thank you in advance for your reply.
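
The suggestion above, an ADAM populated with only the needed data, shown as an added example that is not part of the original thread: a filter that reduces an LDIF export to entries that have a mail address and to a short allow-list of attributes, re-rooted under a separate base DN. The function names, the base DNs and the sample entries are constructed for illustration; producing the export and loading the result into the target instance are assumed to happen elsewhere.

```python
import base64

def decode_value(rest):
    # Text after "attr:"; a second ":" marks a base64 value (RFC 2849).
    if rest.startswith(":"):
        return base64.b64decode(rest[1:].strip()).decode("utf-8")
    return rest.strip()

def emit(attr, value):
    # Base64-encode anything that is not a plain, LDIF-safe ASCII string.
    safe = (value.isascii() and value.isprintable()
            and value == value.strip() and value[:1] not in (":", "<"))
    return f"{attr}: {value}" if safe else \
        f"{attr}:: " + base64.b64encode(value.encode("utf-8")).decode("ascii")

def parse_ldif(text):
    # Unfold continuation lines (newline + one space), split entries on blank lines.
    unfolded = text.replace("\r\n", "\n").replace("\n ", "")
    for block in unfolded.split("\n\n"):
        pairs = [ln.partition(":")[::2] for ln in block.split("\n")
                 if ":" in ln and not ln.lower().startswith(("#", "version:"))]
        if pairs and pairs[0][0].lower() == "dn":
            yield pairs

def minimize_ldif(text, keep, src_base, dst_base, require="mail"):
    # keep: lowercase attribute names to copy; entries without `require` are dropped.
    out = []
    for entry in parse_ldif(text):
        dn = decode_value(entry[0][1])
        # Only allow-listed attributes are decoded, so binary values are never touched.
        kept = [(a, decode_value(r)) for a, r in entry[1:] if a.lower() in keep]
        has_req = any(a.lower() == require for a, _ in kept)
        if has_req and dn.lower().endswith("," + src_base.lower()):
            new_dn = dn[: len(dn) - len(src_base)] + dst_base  # re-root under new base
            out.append("\n".join([emit("dn", new_dn)] + [emit(a, v) for a, v in kept]))
    return "\n\n".join(out) + "\n"

# Constructed sample export (not real data); the mail value is folded across two lines.
SAMPLE = """dn: CN=Alice Example,OU=Staff,DC=corp,DC=example
cn: Alice Example
memberOf: CN=Finance Admins,OU=Groups,DC=corp,DC=example
mail: alice@corp.exam
 ple

dn: CN=svc-backup,OU=Service,DC=corp,DC=example
cn: svc-backup
description: backup service account
"""

if __name__ == "__main__":
    print(minimize_ldif(SAMPLE, {"cn", "mail"}, "DC=corp,DC=example", "DC=mfd,DC=example"))
```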