But, by default, AD does let any domain account query the directory. Let me qualify "any *authenticated* domain account".

It may be that your configuration has been set up a bit more securely than ours. We kept ours at the default. Either way, I still would rather use a single domain account for my ldap queries and control the access through the application itself. The other domain admins can worry about securing the Active Directory from users who choose to use ldap browsers or other tools. I do know that we allow ldap traffic from the outside to query for Exchange mail server address lists.

M!ke

-----Original Message-----
From: Michael T. Tangorre [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, February 02, 2005 7:45 PM
To: CF-Talk
Subject: RE: CFLDAP and Authentication Question

> From: Dawson, Michael [mailto:[EMAIL PROTECTED]]
> Why not just create a simple domain account? Active Directory allows each domain user to
> query the directory. Since this is the case, there is little need to
> pass around a user's authentication information.

That is not always the case and allowing all users to query the AD free and clear is not a good idea. AD holds much more information than just simple user information. Since AD sits on the domain controller the user interfacing with the LDAP needs to properly authenticate, which is not just any AD user account.... at least that is how have it set up.

Mike

