Creating a directory service account

Problem:  A service account needs to be created for the directory services (LDAP) connection.


Cause:  Unified Workspace uses a "proxy"-style account to integrate into your directory. This proxy account is the only user that accesses the LDAP server on behalf of the user. Because Unified Workspace integrates into your directory, the account must have the proper rights to modify objects in the tree. It is also important to have a separate account that is connected only to our product.


Prerequisite(s):
  • Ability to create a new account in the directory
  • Ability to modify user permissions/group membership
  • Find the distinguishedName (DN) attribute of the new user account


Solution(s):  The following are basic guidelines for the rights the account needs.

Basics:
  • Installation requires admin-level rights and schema rights
  • Specifically, rights to extend the schema, create objects and modify objects
  • Day-to-day operations can be run at this level or at lower-level privileges
  • It is recommended to create a specific "workspace" service account that is separate from any other admin-level accounts
  • Verify that the service account password does not expire and does not change
  • Configure the service account in the Server Management console (https://127.0.0.1:8090) under Directory Services

Minimum rights:
  • Full access to Stoneware OU (and child objects)
  • Ability to modify all the swareXXX attributes on any OU, Group, and User that will access the software
  • Ability to add/modify/remove group membership for users and groups
  • Read rights to schema
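
Example (added here, not part of the original article or the product's own tooling): one way to check an existing service account against the Basics list above. It assumes the directory is Microsoft Active Directory and that the RSAT ActiveDirectory PowerShell module is installed; the account name 'svc-workspace' and the function name are hypothetical.

```powershell
# Added example. Assumes Active Directory and the RSAT ActiveDirectory module.
# 'svc-workspace' is a hypothetical account name; substitute your own.
Import-Module ActiveDirectory

function Test-WorkspaceServiceAccount {
    param(
        [Parameter(Mandatory)][string]$SamAccountName
    )

    # Extended properties are not returned unless requested explicitly.
    $props = 'PasswordNeverExpires', 'CannotChangePassword', 'Enabled', 'PasswordLastSet'
    $user  = Get-ADUser -Identity $SamAccountName -Properties $props

    # Groups the account is a direct member of (includes the primary group).
    $groups = Get-ADPrincipalGroupMembership -Identity $user |
        Select-Object -ExpandProperty Name

    # Built-in admin-level groups. Membership shows whether the account is
    # still running at installation-level rights or at lower privileges.
    $adminGroups = 'Domain Admins', 'Enterprise Admins', 'Schema Admins', 'Administrators'
    $elevated    = @($groups | Where-Object { $adminGroups -contains $_ })

    [pscustomobject]@{
        # The DN is the value listed under Prerequisite(s).
        DistinguishedName    = $user.DistinguishedName
        Enabled              = $user.Enabled
        # "Password does not expire"
        PasswordNeverExpires = $user.PasswordNeverExpires
        # "Password does not change": the account cannot change it itself,
        # and PasswordLastSet shows when it was last set by anyone.
        CannotChangePassword = $user.CannotChangePassword
        PasswordLastSet      = $user.PasswordLastSet
        AdminLevelGroups     = $elevated -join ', '
    }
}

Test-WorkspaceServiceAccount -SamAccountName 'svc-workspace' | Format-List
```

An empty AdminLevelGroups value means the account holds no built-in admin group membership, so its rights come only from what has been delegated to it, such as the items under Minimum rights.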



