Microsoft KB Archive/268789

= LDAP Requires DBO Access for Setup of Membership Directory =

Article ID: 268789

Article Last Modified on 10/23/2000

-

APPLIES TO


 * Microsoft Site Server 3.0 Standard Edition

-



This article was previously published under Q268789



SUMMARY
In the Microsoft Site Server 3.0 online documentation, the &quot;Using SQL Server with Your Membership Directory&quot; section states the following:

The Site Server LDAP Service must be able to log on to the database. Set up a SQL Server login that the LDAP Service can use, and grant it full permissions for the database. You must set up this login before you create the Membership Directory. You can use the sa login for this purpose.

However, this may not be the optimal configuration for normal operations from a security standpoint.



MORE INFORMATION
Site Server requires full permissions to the Membership directory database so that it can create all the required tables and stored procedures. After you create the directory, you can change the account that is used by the Lightweight Directory Access Protocol (LDAP) server to access the SQL Server to an account that only has Read/Write permissions to the tables and Execute permissions to the stored procedures.

Keywords: kbbug kbfix KB268789

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.