Re: LDAP lookup based on a Security group?
- From: "Roger Abell [MVP]" <mvpnospam@xxxxxxx>
- Date: Sat, 24 May 2008 00:56:12 -0700
"Transam388" <Transam388@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:FBDCB2C6-B59E-4ED2-9F08-E79654A144B4@xxxxxxxxxxxxxxxx
Not sure if this belongs here but this is the question. We have a devie
which we would like to do an LDAP lookup against our 2003 AD. Now this is
the twist...is it possible to base the account that this is done on a
security group versus a specific account? Essentially looking for a way
that
only the persons within that group can execute this LDAP but not have it
based only on one ID.
Thanks!!
Well, I am not quite sure I am guessing what you ask by saying
is it possible to base the account that this is done on a security group
Does that mean: can we limit the account(s) doing the LDAP query to
members of a security group ?
In general, any forest account can use LDAP to query just about anything.
You can limit what account(s) can execute some app/script your dev
comes up with, sure, and by groups too. But that does not mean that
only those accounts are able to run the query used in the app/script.
To control what accounts can get results for some specific LDAP query
you would have to control what accounts can read the AD objects/attributes
in AD via their permissions - something you should only do with awareness
of possible implications.
Roger
.
- Prev by Date: Re: Child domain laptops autoenrolling user certs but not computer certs
- Next by Date: Re: EFS on shared file server
- Previous by thread: EFS on shared file server
- Next by thread: Re: Allow non-Administrator to view and terminate processes for all users
- Index(es):
Relevant Pages
|
|
