LDAP Users

jadams

I have a couple Web Apps out there that use LDAP to authenticate. They all require a user for access to Active Directory. I'm just wondering what the best practices are for that user? What's the bare minimum as far as rights that I can give to this user?
 
Just make a standard user. All they need is to be in the "domain users" which everyone is by default when you create a user. They don't need to be put into any special groups.
What we do internally is just create a user in an OU that doesn't have any GPOs applied to it and we call it "readonly".
We give the user a strong password and poof. Now any applications that we have internally that need read access to AD to authenticate we use that account.
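An added example, not part of the original post or of adLDAP: a Python check that a bind account's directory entry matches the advice above (member of Domain Users only, no special groups). The account names, DNs and entries are constructed; the flag values are the standard userAccountControl bits and 513 is the Domain Users primaryGroupID.

```python
# Added example: audit an AD entry for an LDAP bind ("readonly") account.
# Risky userAccountControl bits a read-only bind account should never carry.
UAC_FLAGS = {
    0x0020: "PASSWD_NOTREQD: account may have an empty password",
    0x0080: "ENCRYPTED_TEXT_PWD_ALLOWED: password stored reversibly",
    0x80000: "TRUSTED_FOR_DELEGATION: unconstrained delegation",
    0x1000000: "TRUSTED_TO_AUTH_FOR_DELEGATION: protocol transition",
}
UAC_ACCOUNTDISABLE = 0x0002
DOMAIN_USERS_RID = 513  # primaryGroupID of the built-in Domain Users group


def audit_bind_account(entry):
    """Return a list of findings; an empty list means the entry is a plain
    Domain Users member with no extra groups or risky account flags."""
    findings = []
    uac = int(entry.get("userAccountControl", 0))
    for bit, text in UAC_FLAGS.items():
        if uac & bit:
            findings.append(text)
    if uac & UAC_ACCOUNTDISABLE:
        findings.append("ACCOUNTDISABLE: binds with this account will fail")
    if int(entry.get("primaryGroupID", 0)) != DOMAIN_USERS_RID:
        findings.append("primary group is not Domain Users")
    # memberOf does not list the primary group, so a plain user has none.
    for group_dn in entry.get("memberOf", []):
        findings.append("extra group membership: " + group_dn)
    if str(entry.get("adminCount", "0")) == "1":
        findings.append("adminCount=1: is or was in a protected admin group")
    return findings


# Constructed sample entries, shaped like the attributes an LDAP search returns.
GOOD = {"sAMAccountName": "readonly", "userAccountControl": "512",
        "primaryGroupID": "513", "memberOf": []}
BAD = {"sAMAccountName": "websvc",
       "userAccountControl": str(0x200 | 0x20 | 0x80000),
       "primaryGroupID": "513",
       "memberOf": ["CN=Domain Admins,CN=Users,DC=example,DC=com"],
       "adminCount": "1"}

if __name__ == "__main__":
    for e in (GOOD, BAD):
        print(e["sAMAccountName"], audit_bind_account(e) or "OK")
```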
 
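// $options is the adLDAP configuration array, assumed to be defined earlier
include (dirname(__FILE__) . "/../src/adLDAP.php");
try {
    $adldap = new adLDAP($options);
}
catch (adLDAPException $e) {
    // connecting or binding failed: print the error and stop
    echo $e;
    exit();
}
//var_dump($ldap);

echo ("<pre>\n");

// authenticate a username/password
// (the block is disabled as posted; change 0 to 1 to run it)
if (0) {
    $result = $adldap->authenticate("username", "password");
    var_dump($result);
}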

just authen...
 
Just make a standard user. All they need is to be in the "domain users" which everyone is by default when you create a user. They don't need to be put into any special groups.
What we do internally is just create a user in an OU that doesn't have any GPOs applied to it and we call it "readonly".
We give the user a strong password and poof. Now any applications that we have internally that need read access to AD to authenticate we use that account.

I locked the account down to SCL only... this place did not use smart cards :)
 