LDAP Users

jadams

2[H]4U
Joined
Mar 14, 2010
Messages
4,086
I have a couple of web apps out there that use LDAP to authenticate. They all require a user for access to Active Directory. I'm just wondering what the best practices are for that user? What's the bare minimum as far as rights that I can give to this user?
 

cyr0n_k0r

Supreme [H]ardness
Joined
Mar 30, 2001
Messages
5,360
Just make a standard user. All they need is to be in the "domain users" which everyone is by default when you create a user. They don't need to be put into any special groups.
What we do internally is just create a user in an OU that doesn't have any GPOs applied to it, and we call it "readonly".
We give the user a strong password and poof. Now any applications that we have internally that need read access to AD to authenticate we use that account.
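
A check for the setup described in the post above, as an added example that is not part of the original post or of any tool it mentions: it audits exported attributes of the bind account and reports anything beyond plain "Domain Users" membership. It goes slightly beyond the post by also checking a few `userAccountControl` bits, `adminCount` and `servicePrincipalName`; the record layout, account names and sample values are constructed assumptions.

```python
# Added example: audit exported attributes of an LDAP bind account.
# The record layout and sample values below are constructed for illustration.

DOMAIN_USERS_RID = 513  # primaryGroupID of the built-in "Domain Users" group

# userAccountControl bits that a read-only bind account should not carry
RISKY_UAC_FLAGS = {
    0x0020: "PASSWD_NOTREQD",
    0x0080: "ENCRYPTED_TEXT_PWD_ALLOWED",
    0x80000: "TRUSTED_FOR_DELEGATION",
    0x400000: "DONT_REQ_PREAUTH",
}


def audit_bind_account(attrs):
    """Return a list of findings; an empty list means the account looks minimal."""
    findings = []
    if int(attrs.get("primaryGroupID", 0)) != DOMAIN_USERS_RID:
        findings.append("primary group is not Domain Users")
    # memberOf never lists the primary group, so any entry here is an extra group
    for group_dn in attrs.get("memberOf", []):
        findings.append("extra group membership: " + group_dn)
    if int(attrs.get("adminCount", 0)) == 1:
        findings.append("adminCount=1 (account is or was in a protected group)")
    uac = int(attrs.get("userAccountControl", 0))
    for bit, name in sorted(RISKY_UAC_FLAGS.items()):
        if uac & bit:
            findings.append("userAccountControl flag set: " + name)
    if attrs.get("servicePrincipalName"):
        findings.append("servicePrincipalName set; a bind-only account needs none")
    return findings


# Constructed sample records (0x200 = NORMAL_ACCOUNT, 0x10000 = DONT_EXPIRE_PASSWORD)
MINIMAL = {"sAMAccountName": "readonly", "primaryGroupID": "513",
           "userAccountControl": str(0x200 | 0x10000), "memberOf": []}
OVERPRIVILEGED = {"sAMAccountName": "websvc", "primaryGroupID": "513",
                  "userAccountControl": str(0x200 | 0x80000), "adminCount": "1",
                  "memberOf": ["CN=Domain Admins,CN=Users,DC=example,DC=com"]}

if __name__ == "__main__":
    for rec in (MINIMAL, OVERPRIVILEGED):
        result = audit_bind_account(rec)
        print(rec["sAMAccountName"], "->", result or "OK")
```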
 

boylazer

n00b
Joined
Jan 12, 2013
Messages
22
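// Load the adLDAP library
include (dirname(__FILE__) . "/../src/adLDAP.php");

// $options is the adLDAP configuration array and must be defined before this point
try {
    $adldap = new adLDAP($options);
}
catch (adLDAPException $e) {
    echo $e;
    exit();
}
//var_dump($ldap);

echo ("<pre>\n");

// authenticate a username/password
// (disabled by the if (0) guard; change it to if (1) to run the check)
if (0) {
    $result = $adldap->authenticate("username", "password");
    var_dump($result);
}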

just authen...
 

J-Will

[H]ard|Gawd
Joined
Jan 10, 2009
Messages
1,728
Just make a standard user. All they need is to be in the "domain users" which everyone is by default when you create a user. They don't need to be put into any special groups.
What we do internally is just create a user in an OU that doesn't have any GPOs applied to it, and we call it "readonly".
We give the user a strong password and poof. Now any applications that we have internally that need read access to AD to authenticate we use that account.

I locked the account down to SCL only... this place did not use smart cards :)
 