Permissions Needed When Using LDAP for Directory Extractions

The information in this article applies to product: e-Work all versions

Issue

  • What permissions does a user need to bind to a directory and run an extraction?

Resolution

  • Assuming their account hasn't been disabled, any user can bind. The only caveat is that the containers list control will only be populated with containers for which the user has permissions to view the contents. But this isn't a problem because users are unable to extract from the hidden containers anyway.
  • The following permissions are required by the user logging in to run an extraction.

    Active Directory
    The user identity specified for the extraction must have

    1. List Contents permission on all containers from which users are to be extracted
    2. Read All Properties permission on all entries that are to be extracted.

    eDirectory
    The user identity specified for the extraction must have

    1. Browse rights on all containers from which users are to be extracted
    2. Read rights on all entries that are to be extracted.
Tagged: