ShinyProxy LDAP authentication uses Spring Security, configured to do the following:
- bind with admin account
- when a user logs in, search for the user’s DN using either
- when the DN is found, bind with the user DN and password
- search for the user’s group memberships (under the admin’s bind context)
So the admin account needs the following privileges:
- It must be able to bind
- It must be able to search and find all the users and groups you want to use in ShinyProxy.
Beyond that, I am not aware of any other privileges that the account should have.