RE: securing AD parameters

  • From: "Mulnick, Al" <Al.Mulnick@xxxxxxxxxx>
  • To: "[ExchangeList]" <exchangelist@xxxxxxxxxxxxx>
  • Date: Fri, 25 Feb 2005 08:30:53 -0500

I think you answered your own question (well, almost).  

What you want are rights assignments.  It's not done via attribute per se,
but rather through permissions settings on the attributes.  Often done via
schema if global. 

What exactly do you need to accomplish?  By default LDAP users can't browse
the directory in the first place without authentication.  

There may be an easier way to do what you want, but we'll need more
information about the expected end state.



-----Original Message-----
From: Dan HINCKLEY [mailto:danslists@xxxxxxxx] 
Sent: Friday, February 25, 2005 3:25 AM
To: [ExchangeList]
Subject: [exchangelist] securing AD parameters


Is there a way to set the security on an AD parameter (extensionAttribute1
for example) so that only specific users or groups can query it via LDAP? 
I'm looking at keeping certain info in user objects secure from the general
LDAP user but accessible to those with the right to query it.

Dan Hinckley                            t: (41 22) 999 0183
Information Management Group            f: (41 22) 999 0010
IUCN, The World Conservation Union      e: dah@xxxxxxxxxxx
1196 Gland, Switzerland         w:
The Last Page of the Internet: 

List Archives:
Exchange Newsletters:
Exchange FAQ:
Other Internet Software Marketing Sites:
World of Windows Networking: Leading
Network Software Directory:
No.1 ISA Server Resource Site: Windows Security
Resource Site: Network Security Library: Windows 2000/NT Fax Solutions:
You are currently subscribed to this Discussion List as:
al.mulnick@xxxxxxxxxx To unsubscribe visit
Report abuse to listadmin@xxxxxxxxxxxxxx

Other related posts: