Logon Workstation and LDAP

[dgoldb1]

At my organization we have restricted workstation logon rights to only the user's personal workstation for security reasons. We recently installed a linux web server that uses LDAP to authenticate with Active Directory. The only way this works correctly is if the users have log on to rights to the domain controller in addition to their personal workstations. Does restricting log on to rights through active directory kill the use of LDAP for authentication? Would allowing log on to rights to a DC be a security issue? The users would not be able to actually log in to the DC because they are not a local admin.

Thanks.

 

[bobyBrown]

I'm not sure if I understand what you're trying to do. Are you saying that your user can only login to their personal workstation locally and not through the domain controller? The way I understand it is, if the user does not have rights/permission to login to a workstation via active directory authentication, your web application will not be able to authenticate its user through active directory either. I don't know how anyone can bypass that when the user has no rights/permission in the domain controller to start with.

If I misunderstood your situation, please elaborate.

 

[bobyBrown]

If your users are part of the domain users group then yes, it will work.