
LDAP Service Account Permissions

  • June 21, 2012
  • 4 replies
  • 29 views


I'm setting up an Active Directory connection and it is asking for a service account. What are the minimum permissions the account needs in AD for LDAP functionality?

Best answer by jarednichols

The simple existence of the account being there should be sufficient. You shouldn't need any privs. I use the same account as my Casper install account as it's an AD-based service account.

4 replies



  • Author
  • Contributor
  • June 21, 2012

Excellent. Thanks.


  • Contributor
  • June 21, 2012

Would that service account need JOIN privileges if you were trying to do authenticated binds to AD? It depends on your AD security settings.

- Justin


  • Valued Contributor
  • June 22, 2012

In most environments, AD accounts need specific permission to create the computer object when joining. Most environments will require a pre-created computer object before binding. Best practice is to allow a particular service account to create the object when joining, but to limit it to particular OUs and not the entire directory.

I believe OP was simply asking about the ability to do the user info lookups required so that AD users can log into the JSS.
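
A scoping check for the delegation described in the last reply, as an added example that is not part of the original thread: it flags any ACE that lets the service account create computer objects outside the intended OUs. The account name, OU names and ACE rows are constructed for illustration; Deny ACEs are not evaluated.

```python
# Added example: constructed ACE rows, not output from a real directory.
COMPUTER_CLASS = "bf967a86-0de6-11d0-a285-00aa003049e2"  # schemaIDGUID of class "computer"
ALL_CLASSES = "00000000-0000-0000-0000-000000000000"     # ACE not limited to one child class

def normalize(dn):
    # Naive normalisation: assumes the DNs contain no escaped commas.
    return ",".join(part.strip().lower() for part in dn.split(","))

def within(dn, container):
    """True if dn is the container itself or sits below it on an RDN boundary."""
    dn, container = normalize(dn), normalize(container)
    return dn == container or dn.endswith("," + container)

def can_create_computers(ace):
    """GenericAll always can; CreateChild only for computer or unrestricted class."""
    rights = set(ace["rights"])
    if "GenericAll" in rights:
        return True
    return "CreateChild" in rights and ace["object_type"] in (COMPUTER_CLASS, ALL_CLASSES)

def out_of_scope(aces, account, allowed_ous):
    """DNs where `account` may create computer objects outside allowed_ous."""
    return [
        ace["dn"] for ace in aces
        if ace["trustee"].lower() == account.lower()
        and ace["type"] == "Allow"
        and can_create_computers(ace)
        and not any(within(ace["dn"], ou) for ou in allowed_ous)
    ]

ACCOUNT = "EXAMPLE\\svc-jss"                              # hypothetical service account
ALLOWED = ["OU=Macs,OU=Workstations,DC=example,DC=com"]  # hypothetical target OU

def make_ace(dn, trustee, rights, object_type=ALL_CLASSES, kind="Allow"):
    return {"dn": dn, "trustee": trustee, "rights": rights,
            "object_type": object_type, "type": kind}

SAMPLE_ACES = [
    make_ace("OU=Macs,OU=Workstations,DC=example,DC=com", ACCOUNT, ["CreateChild"], COMPUTER_CLASS),
    make_ace("ou=Lab, ou=Macs, ou=Workstations, dc=example, dc=com", ACCOUNT, ["CreateChild"], COMPUTER_CLASS),
    make_ace("DC=example,DC=com", ACCOUNT, ["CreateChild"], COMPUTER_CLASS),  # whole directory
    make_ace("OU=Servers,DC=example,DC=com", ACCOUNT, ["GenericAll"]),        # full control
    make_ace("CN=Users,DC=example,DC=com", ACCOUNT, ["ReadProperty"]),        # lookup only
    make_ace("DC=example,DC=com", "EXAMPLE\\Domain Admins", ["GenericAll"]),  # other trustee
]

if __name__ == "__main__":
    for dn in out_of_scope(SAMPLE_ACES, ACCOUNT, ALLOWED):
        print("over-broad delegation on", dn)
```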