Posted on 06-21-2012 08:22 AM
I'm setting up an Active Directory connection and it is asking for a service account. What are the minimum permissions the account needs in AD for LDAP functionality?
Posted on 06-21-2012 08:26 AM
The simple existence of the account being there should be sufficient. You shouldn't need any privs. I use the same account as my Casper install account as it's an AD-based service account.
Posted on 06-21-2012 09:15 AM
Excellent. Thanks.
Posted on 06-21-2012 02:15 PM
Would that service account need JOIN privileges if you were trying to do authenticated binds to AD? It depends on your AD security settings.
- Justin
Posted on 06-22-2012 04:57 AM
In most environments, AD accounts need specific permission to create the computer object when joining. Most environments will require a pre-created computer object before binding. Best practice is to allow a particular service account to create the object when joining, but to limit it to particular OUs and not the entire directory.
I believe OP was simply asking about the ability to do the user info lookups required so that AD users can log into the JSS.
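
The OU-scoped delegation described in the last reply, as an added PowerShell example that is not part of the original thread. The account name `svc-macbind` and the OU `OU=Macs,DC=example,DC=com` are assumptions; the script grants only the right to create computer objects under that one OU, then lists the account's explicit ACEs there so anything broader stands out.

```powershell
# Added example, not from the thread. Run as an admin with rights to edit the OU's ACL.
Import-Module ActiveDirectory
Add-Type -AssemblyName System.DirectoryServices

$ouDn    = 'OU=Macs,DC=example,DC=com'          # hypothetical OU for joined machines
$account = Get-ADUser -Identity 'svc-macbind'   # hypothetical bind/join service account
$sid     = $account.SID

# schemaIDGUID of the "computer" object class
$computerClass = [Guid]'bf967a86-0de6-11d0-a285-00aa003049e2'

# Allow CreateChild for computer objects only, on this OU and its sub-OUs
$ace = [System.DirectoryServices.ActiveDirectoryAccessRule]::new(
    $sid,
    [System.DirectoryServices.ActiveDirectoryRights]::CreateChild,
    [System.Security.AccessControl.AccessControlType]::Allow,
    $computerClass,
    [System.DirectoryServices.ActiveDirectorySecurityInheritance]::All)

$acl = Get-Acl -Path "AD:\$ouDn"
$acl.AddAccessRule($ace)
Set-Acl -Path "AD:\$ouDn" -AclObject $acl

# Verify: show every explicit ACE the account holds on the OU and mark
# whether it is the narrow "create computer objects" grant or something wider.
(Get-Acl -Path "AD:\$ouDn").Access |
    Where-Object {
        -not $_.IsInherited -and
        $_.IdentityReference.Translate(
            [System.Security.Principal.SecurityIdentifier]).Value -eq $sid.Value
    } |
    ForEach-Object {
        $narrow = ($_.AccessControlType -eq 'Allow') -and
                  ($_.ActiveDirectoryRights -eq
                      [System.DirectoryServices.ActiveDirectoryRights]::CreateChild) -and
                  ($_.ObjectType -eq $computerClass)
        [pscustomobject]@{
            Rights     = $_.ActiveDirectoryRights
            ObjectType = $_.ObjectType
            Type       = $_.AccessControlType
            Scoped     = $narrow   # $false means the ACE is broader than intended
        }
    }
```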