RE: Connect to a Secure Win2K LDAP server from Windows 2003

From: gordonah (gordonah_at_discussions.microsoft.com)
Date: 02/09/05


Date: Wed, 9 Feb 2005 02:37:06 -0800


This is probably because by default the normal user account does not have
the required rights. This can be modified by putting the user account in the
"Pre-Windows 2000 compatible" group, which gives List contents on all
objects, and Read all properties and Read all permissions for group and user
objects from the root of the domain.
Of course, you want to loosen your secure environment as little as possible,
so you could apply just the permissions needed for the query (list contents
and read properties should do?) from the right level for the right accounts.
The Advanced button on the Security tab (available if Advanced view is
enabled) allows quite fine granularity.
Secure LDAP itself (meaning signing and encrypting of LDAP traffic) is, I
think, based on the client OS and tools used rather than user permissions, so
it might be a red herring.

Gordon

"AD user" wrote:

> I have a Secure LDAP server on Win2K SP4. I am using a Windows 2003 to
> connect to and query the information on the secure LDAP. If I log on to
> Windows 2003 as an Administrator, I can query the secure LDAP. But if I log
> on as a User, query Secure LDAP fails. Any advice will be greatly appreciated.
>

