Openfire and AD integration Permission Level

What is the least amount of permissions needed for the AD account Openfire uses to sync and authenticate with Active Directory?

Erm, "not a lot" is probably as accurate as I can get. Assuming default Windows AD permissions (i.e. no denies) you simply need to be an authenticated user.
I did notice that in the LDAP guide, the author suggests using the built-in Administrator account. That is a big security risk, since the password for this LDAP user is not encrypted in openfire.xml. If the box gets hacked, the hacker now has an account to log into the user's domain controller.

What I did was create a new admin user and add him into domain guests only, and that was good enough for me.
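Putting the two answers above together (a plain authenticated user is all the bind account needs, and it should be a dedicated account rather than the built-in Administrator), here is an added PowerShell example that is not from this thread or from the Openfire project. It creates a dedicated bind account, verifies it is not a member of any privileged group, and then binds to the domain controller as that account to confirm it can read user objects, which is what Openfire's LDAP sync and authentication require. The OU, account name and group list are assumptions; adjust them for your domain.

```powershell
# Added example (not from the original thread or from Openfire).
# Assumes the RSAT ActiveDirectory module is installed and the session runs as
# an account allowed to create users. OU and account name below are placeholders.
Import-Module ActiveDirectory

$domain   = Get-ADDomain
$domainDn = $domain.DistinguishedName
$ou       = "OU=Service Accounts,$domainDn"   # placeholder OU
$samName  = "svc-openfire-ldap"               # placeholder account name
$password = Read-Host -AsSecureString "Password for $samName"

# A plain domain user is enough: with default AD ACLs, Authenticated Users can
# read the user and group attributes Openfire needs. No admin group required.
New-ADUser -Name $samName -SamAccountName $samName -Path $ou `
    -AccountPassword $password -Enabled $true `
    -CannotChangePassword $true `
    -Description "Openfire LDAP bind account (read-only directory access)"

# Least-privilege check: the account must not sit in any privileged group.
# The list is an assumption; extend it with any custom admin groups you use.
$privileged = @("Domain Admins", "Enterprise Admins", "Administrators",
                "Account Operators", "Schema Admins", "Server Operators")
$groups = (Get-ADPrincipalGroupMembership -Identity $samName).Name
"Group membership of ${samName}: $($groups -join ', ')"
$bad = $groups | Where-Object { $privileged -contains $_ }
if ($bad) {
    throw "$samName is in privileged group(s): $($bad -join ', '). Remove it before use."
}

# Bind as the new account (not as the current admin session) and run the kind
# of search Openfire performs, so the permission question is answered by the DC.
$netCred  = New-Object System.Net.NetworkCredential("", $password)
$bindUser = "$($domain.NetBIOSName)\$samName"
$ldapPath = "LDAP://$($domain.PDCEmulator)/$domainDn"
$entry    = New-Object System.DirectoryServices.DirectoryEntry(
                $ldapPath, $bindUser, $netCred.Password)
$searcher = New-Object System.DirectoryServices.DirectorySearcher(
                $entry, "(&(objectClass=user)(sAMAccountName=$samName))")
$searcher.PropertiesToLoad.AddRange([string[]]@("sAMAccountName", "mail", "memberOf")) | Out-Null

$result = $searcher.FindOne()
if ($null -eq $result) {
    throw "Bind succeeded but the search returned nothing; check read ACLs on $domainDn."
}
"Bind and user search as $bindUser succeeded; this account is sufficient for Openfire."
```

The bind test deliberately uses the new account's own credentials rather than the session you ran the script from; a search that only works under your admin token tells you nothing about what Openfire will be able to see. If the search fails while the membership check passes, the fix is a read ACL on the relevant OU, not a privileged group.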