I have a simple WCF Service Application that I want to connect to an Active Directory for basic authentication. I can install, configure and add users to my AD LDS instance using my personal credentials (I'm an administrator). However, IIS can't bind to the instance. If I restart IIS using my credentials, everything binds just fine and the authentication works as expected.
However, I don't want to run IIS with administrator privs. How do I configure AD LDS so that an app pool in IIS can bind but won't have the kind of elevated privs that can be a security nightmare?