Reputation: 416
Connecting to ad-lds without credentials
I've generated an AD-LDS instance on a Windows Server 2008 R2 and successfully connected to it via ADSI Edit on a windows 7 machine (both computers are situated on the same domain).
My goal is to create a lightweight .NET program that will be run by all domain users and determine whether a specific user can or cannot perform a certain action (roles & groups).
So far i've managed to write most of it, but i'm now facing a small security issue: althought no credentials are required when running from the server itself, when running from another user (in the same domain, ofcourse), LDS connection requires the instance's administrator credentials - and i'm not too keen to leave this kind of thing lie around in my code.
I've search the web quite a lot for a way to bypass that (Active Directory binding? / SimpleBinding?), but all solutions i found involved SSL and certificate installations.
Is there a simple way for a user in the domain to connect the LDS instance without exposing his/the server's credentials?
Thanks.
Upvotes: 0
Views: 790
Answers (1)
Reputation: 1158
Have you looked at permissions in the instance itself? There are groups you can add principals to. It sounds like you're running the code locally as the user that installed LDS which by default gets all sorts of perms, but other users were not granted enough rights (secure by default and all that).
Upvotes: 0
Related Questions
- Connect to Active Directory via LDAP
- Authenticating user against active directory without asking for Credentials
- Connect to the LDAP Active Directory in Java without username and password
- connect active directory using c#
- Connect to Active Directory using credential
- active directory authentification without credentials java
- Authentication against Active Directory using C#
- What info do I need to connect to Active Directory in C#?
- How to specify credentials when connecting to Active Directory?
- AD LDS configuration