
Re: ldap-client connection to AD - LdapErr: DSID-0C090627,



This only allows "read" rights to some or all of a particular user, not all.

For certain queries with the LDAP protocol this is required, especially if the client is not aware of the bind DN, password, etc.

It totally depends on the usage of the LDAP client and its requirements.

Also, just a note: even if the LDAP bind is successful in any ADS, if you do not have permissions to read in hierarchies other than the bind DN, you will face the same issue.

Thank you,

Sankhadip

Quoting Michael Ströder <michael@stroeder.com>:

Sankhadip Sengupta wrote:
If you want to do anonymous queries, you can easily do that in Microsoft ADS. The link below is an excellent resource for doing that. I have myself achieved success with this know-how.

http://www.petri.co.il/anonymous_ldap_operations_in_windows_2003_ad.htm

As said: This is a massive change in the operational security of MS AD not appreciated by any AD admins I know. It's far more appropriate to get the LDAP bind right in your LDAP client.

Ciao, Michael.




--
Sankhadip Sengupta
School of Computing, University of Utah, Utah-84112, U.S.A.

