User permissions to read LDAP


Galvanon

Hello all -

We have an application that queries against AD using a specific user
account. However, at a new site we are working in, the user account that
they have created for us won't allow us to connect to AD.

My question is:

What are the minimum permissions that a user account needs to be able to
query AD?

As a test, I installed the Softerra LDAP Browser 2.6, both in my Windows
2003 domain, and on the Windows 2003 server in the client's environment.

In my environment, I can use my account and see all of the CN and OUs in my
domain. When I run the program on the server in the client's environment,
and I use the account they gave me, I get an error "Invalid Credentials".

Thanks!
 
How can we run a test to see if we can read AD?

Can we do something like this in Internet Explorer?

ldap://gal-dc:3268 (It's a DC and a GC)

We get an "Operations Error" when we do that...


"Jorge de Almeida Pinto [MVP]"
 
Invalid credentials means you dorked the userid or password. If it was a
security issue you just wouldn't see anything.

joe

--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net


---O'Reilly Active Directory Third Edition now available---

http://www.joeware.net/win/ad3e.htm
 
Galvanon said:
How can we run a test to see if we can read AD?

Can we do something like this in Internet Explorer?

ldap://gal-dc:3268 (It's a DC and a GC)

You can't connect to LDAP on 3268. Use 389 for LDAP communication.
 
Hi,

One of the main differences, from your standpoint, is that anonymous
access is enabled by default in Win2K AD, whereas it is DISABLED by
default in Win2K3 AD. See the links that Jorge provided earlier in this
thread.

Jim
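
Added example, not part of the original thread: a small Python helper that separates the two errors reported above, "Invalid Credentials" (LDAP result 49) and "Operations Error" (LDAP result 1), by reading the diagnostic message Active Directory returns with them. The function name `diagnose` is hypothetical and the sample messages are constructed in AD's message format, with made-up DSID and version values.

```python
import re

# Win32 logon error codes that AD writes (in hex) after "data" in the
# diagnostic message of a failed bind (LDAP result 49, invalidCredentials).
BIND_SUBCODES = {
    0x525: ("credentials", "user not found"),
    0x52E: ("credentials", "wrong user name or password"),
    0x530: ("account-state", "logon not permitted at this time"),
    0x531: ("account-state", "logon not permitted from this workstation"),
    0x532: ("account-state", "password expired"),
    0x533: ("account-state", "account disabled"),
    0x701: ("account-state", "account expired"),
    0x773: ("account-state", "password must be changed at next logon"),
    0x775: ("account-state", "account locked out"),
}
ERROR_NOT_AUTHENTICATED = 0x4DC  # leading Win32 code when no bind was done

DIAG_RE = re.compile(
    r"(?P<win32>[0-9A-Fa-f]{8}): LdapErr: (?P<dsid>DSID-[0-9A-Fa-f]+), "
    r"comment: (?P<comment>.*?), data (?P<data>[0-9A-Fa-f]+), v\w+")

def diagnose(result_code, diagnostic="", entries=None):
    """Classify an LDAP result from AD as (category, detail)."""
    m = DIAG_RE.search(diagnostic)
    if result_code == 0:
        if entries == 0:
            return ("no-visible-entries",
                    "bind succeeded; account may lack read access to the search base")
        return ("ok", "bind and search succeeded")
    if result_code == 49:  # invalidCredentials
        if m is None:
            return ("credentials", "server gave no AD sub-code")
        return BIND_SUBCODES.get(
            int(m["data"], 16), ("credentials", "unrecognised sub-code " + m["data"]))
    if result_code == 1 and m and int(m["win32"], 16) == ERROR_NOT_AUTHENTICATED:
        return ("bind-required",
                "search sent without a successful bind (anonymous access refused)")
    if result_code == 50:  # insufficientAccessRights
        return ("permissions", "bound identity is not allowed to perform this operation")
    return ("other", "LDAP result %d: %s" % (result_code, diagnostic or "no message"))

# Constructed sample messages in the format AD returns; DSID/version values are made up.
SAMPLES = [
    (49, "80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 52e, v893"),
    (49, "80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 533, v893"),
    (1, "000004DC: LdapErr: DSID-0C0906DC, comment: In order to perform this operation "
        "a successful bind must be completed on the connection., data 0, v893"),
]

if __name__ == "__main__":
    for code, msg in SAMPLES:
        print(code, diagnose(code, msg))
```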
 