H.350 security has not yet been fully implemented on the Active Directory platform. The steps below may be necessary to implement H.350 in Active Directory, but they do not secure it. It is still necessary to ensure that only the owner of a commObject has access to password information.
Anonymous LDAP operations are disabled by default in Windows 2003. You will need to either enable anonymous LDAP operations or ensure that all of your applications BIND with appropriate permissions. Instructions for enabling anonymous LDAP operations can be found in the Microsoft Knowledge Base (http://support.microsoft.com/default.aspx?scid=326690).
Once anonymous LDAP operations are enabled, it is necessary to give the 'ANONYMOUS_LOGIN' user appropriate permissions.
Using the following method, give 'ANONYMOUS_LOGIN' permissions to List Contents of Container Objects, List Contents of Organizational Unit Objects, and to read any properties that are necessary.
(1) Open 'adsiedit.msc' from the Windows 2003 Support Tools directory.
(2) Locate the Domain Naming Context folder. This folder has the LDAP path of your domain.
(3) Right-click the Domain Naming Context folder, and then click Properties.
(4) Click Security.
(5) Click Advanced.
(6) Click Add.
(7) Click the User Object user, and then click OK.
(8) Click the Permission Type tab.
(9) Click Inheritance from the Apply onto box.
(10) Click to select the Allow check box for the Permission permission.
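The following is an added example, not part of the original cookbook: a check that audits an exported security descriptor (SDDL string) for what the anonymous principal was actually granted, flagging anything beyond List Contents (`LC`) and Read Property (`RP`), and any Read Property grant that is not scoped to a specific property. The SDDL strings and the property GUID are constructed samples, how you export the descriptor is left to your tooling, and `AN` is the SDDL alias for the anonymous logon principal that the text calls 'ANONYMOUS_LOGIN'.

```python
import re

ANON = "AN"              # SDDL alias for the anonymous logon SID
EXPECTED = {"LC", "RP"}  # List Contents, Read Property: the rights the steps grant

# Constructed samples. The GUID is a placeholder, not a real schema attribute.
SCOPED = "D:AI(OA;CI;RP;00000000-0000-0000-0000-000000000001;;AN)(A;CI;LC;;;AN)(A;CI;GA;;;DA)"
BROAD = "O:DAG:DAD:AI(A;CI;LCRPWP;;;AN)(A;;GA;;;DA)S:(AU;SA;WP;;;WD)"

def dacl_aces(sddl):
    """Yield the six fields of every ACE in the DACL part of an SDDL string."""
    m = re.search(r"D:[A-Z]*((?:\([^)]*\))+)", sddl)
    if not m:
        return
    for body in re.findall(r"\(([^)]*)\)", m.group(1)):
        fields = body.split(";")
        if len(fields) >= 6:
            yield fields[:6]

def audit_anonymous(sddl):
    """Return (finding, detail) tuples for allow ACEs held by the anonymous principal."""
    findings = []
    for ace_type, flags, rights, obj_guid, _inherit_guid, trustee in dacl_aces(sddl):
        if trustee != ANON or ace_type not in ("A", "OA"):
            continue  # only allow ACEs for anonymous are of interest
        if rights.startswith("0x"):
            findings.append(("hex-mask", rights))  # numeric mask: review by hand
            continue
        codes = {rights[i:i + 2] for i in range(0, len(rights), 2)}
        extra = sorted(codes - EXPECTED)
        if extra:
            findings.append(("extra-rights", ",".join(extra)))
        # RP without an object GUID means every property is readable, which is
        # broader than "any properties that are necessary".
        if "RP" in codes and not obj_guid:
            findings.append(("reads-all-properties", flags or "no-inherit"))
    return findings

if __name__ == "__main__":
    for name, sddl in (("scoped", SCOPED), ("broad", BROAD)):
        print(name, audit_anonymous(sddl) or "ok")
```

A `reads-all-properties` finding on a container that holds commObjects is the case to resolve first, since it conflicts with the requirement that only the owner of a commObject has access to password information.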