Hi All, Is there a way of setup a user account in Active Directory that can query other user info and does not have permission to update that information.
Background: I am trying to setup LDAP authentication on Tomcat5 connecting to Active Directory. When I bind to active directory as common user account I can query my own account and get the k"memberOf" field for role information. I can query and get "memberOf" field for Administrator accounts. I can NOT get "memberOf" field for other user accounts that are not administrators ( just regular users ). When I bind to active directory as an admin account I can query all accounts and get the "memberOf" for role information. But the catch is admin account also has permissions to update this information. I need one of the following: 1. An account on active directry that can query all users and get "memberOf" field but cannot update. 2. An admin account where the password does not have to be setup in clear text in "Server.xml". Thanks Kal CONFIDENTIALITY NOTE: All e-mail sent to or from this address will be received by the Waterfield Group corporate e-mail system and is subject to archival, monitoring, and/or review by someone other than the recipient or the sender. This e-mail and any of its attachments may contain proprietary information, which is privileged and confidential. This e-mail is intended solely for the use of the individual or entity to which it is addressed. If you are not the intended recipient of this e-mail, you are hereby notified that any dissemination, distribution, copying, or action taken in relation to the contents of and attachments to this e-mail is strictly prohibited and may be unlawful. If you have received this e-mail in error, please notify the sender immediately and permanently delete the original and any copy of this e-mail and any printout. Thank you.