
Active Directory as User Directory - connecting with a user in Domain Users Security Group


Article ID: 133521


Products

CA Single Sign On Secure Proxy Server (SiteMinder)
CA Single Sign On Agents (SiteMinder)
CA Single Sign On Federation (SiteMinder)
CA Single Sign On SOA Security Manager (SiteMinder)
CA Single Sign-On
SITEMINDER

Issue/Introduction

Active Directory is used as a User Directory, which is defined under "Infrastructure" > "Directory" > "User Directories" in the Administrative UI.

Connecting to Active Directory requires "Administrator Credentials".

What kind of user should be specified for the "Administrator Credentials"?

Minimum user privileges are preferred.


Cause

Corporate policies require that the use of Administrator privileges be minimized.

Environment

Release: 12.8

Component: SITEMINDER - POLICY SERVER

Resolution

The account used to connect to the Active Directory user store can be a Domain User when the user store is used only for user authentication and authorization. Read permission is sufficient.

If the customer's implementation requires SiteMinder Password Services or the ability to disable users from the Admin UI, the account must be given write permission.
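
One way to confirm that the account entered under "Administrator Credentials" really is only a Domain User, as an added example (not from the original article or from the vendor). It assumes the RSAT ActiveDirectory PowerShell module is installed; the account name `svc-siteminder` and the function name are placeholders.

```powershell
# Added example: audit the directory bind account for least privilege.
# 'svc-siteminder' is a placeholder; substitute the account configured
# under "Administrator Credentials" for the user directory.
Import-Module ActiveDirectory

function Test-BindAccountLeastPrivilege {
    param([Parameter(Mandatory)][string]$SamAccountName)

    $user = Get-ADUser -Identity $SamAccountName -Properties PrimaryGroup, adminCount

    # Escape the DN for use inside an LDAP filter (RFC 4515); backslash first.
    $dn = $user.DistinguishedName.Replace('\', '\5c').Replace('*', '\2a').
              Replace('(', '\28').Replace(')', '\29')

    # Direct and nested memberships via LDAP_MATCHING_RULE_IN_CHAIN.
    $groups = @(Get-ADGroup -LDAPFilter "(member:1.2.840.113556.1.4.1941:=$dn)")

    # The primary group is not stored in 'member', so add it separately.
    $groups += Get-ADGroup -Identity $user.PrimaryGroup

    # Anything other than Domain Users (well-known RID 513) is unexpected
    # for an account that only needs read access.
    $extra = @($groups | Where-Object { $_.SID.Value -notmatch '-513$' })

    [pscustomobject]@{
        Account          = $user.SamAccountName
        Groups           = $groups.Name
        UnexpectedGroups = $extra.Name
        # adminCount = 1 marks an account that is, or once was, in a protected group.
        AdminCount       = $user.adminCount
        LeastPrivilege   = ($extra.Count -eq 0) -and ($user.adminCount -ne 1)
    }
}

Test-BindAccountLeastPrivilege -SamAccountName 'svc-siteminder' | Format-List
```

This checks group membership only. Write permission delegated directly on an OU or on user objects (as needed for Password Services or disabling users) does not appear here and has to be reviewed in the ACLs of those objects.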