Creating a directory service account

Problem:  You need to create a service account for the directory services (LDAP) connection.


Cause:  Unified Workspace uses a "proxy" style account to integrate into your directory. This proxy account is the only account that accesses the LDAP server, and it does so on behalf of the user. Because Unified Workspace integrates into your directory, the account must have the proper rights to modify objects in the tree. It is also important that this is a separate account connected only to our product.


Prerequisite(s):
  • Ability to create a new account in the directory
  • Ability to modify user permissions/group membership
  • Find the distinguishedName (DN) attribute of the new user account


Solution(s):  Here are some basic guidelines on the rights the account needs.

Basics:
  • Installation requires admin-level rights and schema rights
  • Specifically, rights to extend the schema, create objects and modify objects
  • Day-to-day operations can be run at this level or at lower-level privileges
  • It is recommended to create a specific "workspace" service account that is separate from any other admin-level accounts
  • Verify that the service account password does not expire and does not change
  • Configure the service account in the Server Management console (https://127.0.0.1:8090) under Directory Services

Minimum rights:
  • Full access to Stoneware OU (and child objects)
  • Ability to modify all the swareXXX attributes on any OU, Group, and User that will access the software
  • Ability to add/modify/remove group membership for users and groups
  • Read rights to schema
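
A read-only check of the guidelines above, as an added example that is not part of the original article or the product. It assumes Active Directory attribute names and flags; the account entries, DNs and the helper names (audit_service_account, first_rdn_value) are constructed for illustration.

```python
import re

# userAccountControl bit flags (Active Directory; assumed directory type)
ACCOUNTDISABLE = 0x0002
DONT_EXPIRE_PASSWD = 0x10000

# Groups that carry installation-level rights (schema and domain-wide changes)
INSTALL_LEVEL_GROUPS = {"domain admins", "schema admins", "enterprise admins"}


def first_rdn_value(dn):
    """Return the value of the leftmost RDN, e.g. 'Domain Admins'."""
    rdn = re.split(r"(?<!\\),", dn, maxsplit=1)[0]  # ignore escaped commas
    return rdn.partition("=")[2].replace("\\,", ",").strip()


def audit_service_account(entry):
    """Return a list of findings for one account entry (dict of LDAP attributes)."""
    findings = []
    uac = int(entry["userAccountControl"])  # LDAP returns the value as a string
    if uac & ACCOUNTDISABLE:
        findings.append("account is disabled")
    if not uac & DONT_EXPIRE_PASSWD:
        findings.append("password can expire")
    # memberOf lists direct memberships only; nested groups and the primary
    # group are not covered by this check.
    for group_dn in entry.get("memberOf", []):
        name = first_rdn_value(group_dn)
        if name.lower() in INSTALL_LEVEL_GROUPS:
            findings.append("installation-level group: " + name)
    return findings


# Constructed sample entries (not taken from a real directory)
SAMPLE_OK = {
    "distinguishedName": "CN=svc-workspace,OU=Service Accounts,DC=example,DC=com",
    "userAccountControl": "66048",  # NORMAL_ACCOUNT | DONT_EXPIRE_PASSWD
    "memberOf": ["CN=Workspace Operators,OU=Groups,DC=example,DC=com"],
}
SAMPLE_RISKY = {
    "distinguishedName": "CN=svc-shared,CN=Users,DC=example,DC=com",
    "userAccountControl": "512",  # NORMAL_ACCOUNT only
    "memberOf": ["CN=Domain Admins,CN=Users,DC=example,DC=com",
                 "CN=Schema Admins,CN=Users,DC=example,DC=com"],
}

if __name__ == "__main__":
    for sample in (SAMPLE_OK, SAMPLE_RISKY):
        print(sample["distinguishedName"], audit_service_account(sample))
```

An installation-level group in the findings is a prompt to review, since the guidelines allow day-to-day operation at that level or at lower privileges.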



