Most of the time it's that simple but not always. In my environment the only way I can use a simple bind to a generic AD account to modify AD entries (i.e., not binding as myself to modify my own entry) is to have Full Domain privileges on the AD account I'm binding to. I do not want Full Domain privileges. So I'm thinking I may need to authenticate via Kerberos. Does anyone have a simple example and instructions for setting it up?
-----Original Message----- From: Christopher A Bongaarts [mailto:[EMAIL PROTECTED] Sent: Friday, January 21, 2005 2:36 PM To: [EMAIL PROTECTED] Cc: [email protected] Subject: Re: Accessing AD In the immortal words of [EMAIL PROTECTED]: > Maybe someone asked this before: > I would like to access Active Directory and add groups in the directory > tree. > This from a platform different of Win32, let's say *UNIX*. > Do I need to authenticate via Kerberos ? No, the standard LDAP bind works just fine; just bind as a user with sufficient rights to perform the operations you need. %% Christopher A. Bongaarts %% [EMAIL PROTECTED] %% %% Internet Services %% http://umn.edu/~cab %% %% University of Minnesota %% +1 (612) 625-1809 %%
