I'm using LDAP authentication (AD) in my applications (e.g. Redmine, pfSense, or ESXi).
I recently set up a two-way trust relationship between my domain PARIS.france and a foreign domain BERLIN.germany. The domain trust relationship looks OK, DNS too, and I can browse each domain.
I created a local group "application-access" in my AD PARIS.france, containing the users PARIS\Pierre and BERLIN\Otto.
But when I try to log in from the web application, only Pierre seems to work. Otto can't authenticate.
When I look further, I see in my group that Pierre has a sAMAccountName, but Otto is a special kind of object (this object is just a placeholder for a user or group from a trusted external domain) and doesn't have such an attribute. I guess that's why it does not work?
I have never worked with trusted domains before; this is a lab I'm doing to understand how it works. I'm trying to make BERLIN users able to authenticate in my application through the classic LDAP bind. Of course I could change the binding to bind against the BERLIN Active Directory, but that's not the way it's supposed to work, right? I've been stuck for some weeks now trying to get a very basic thing working.
Thanks for reading and for your guidance.
Edited Apr 23, 2021 at 19:37 UTC
LDAP is different to AD. The AD trust can be used by native AD authentication scenarios but not by LDAP. AD's LDAP interface still uses the LDAP standard, so when it lists the users of the new group it will return their full distinguished name (DN), for example:
France can still authenticate Germany users, but you need to use the correct LDAP syntax or base DN. Typically you can define more than one base DN, so if you add both then it will match. Or use fuzzy logic to only match the CN from the group.
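To make the answer above concrete, here is an added example (written for this page, not code from the thread or from any of the products mentioned). It models what an application that only does LDAP binds sees when it reads the "application-access" group: Pierre's member DN points at a real user object under DC=PARIS,DC=france, while Otto's member DN points at a foreignSecurityPrincipal placeholder under CN=ForeignSecurityPrincipals,DC=PARIS,DC=france whose CN is Otto's SID. The placeholder has no sAMAccountName, so a login search against the PARIS base DN alone can never match Otto; the application has to search the BERLIN base DN as well and confirm the match by objectSid rather than by name. The server names, SIDs and OU layout are constructed for the example.

```python
"""Plan the LDAP searches a bind-based application needs for an AD group whose
members come from more than one trusted domain.  Constructed data throughout.
"""
import re

# Directories the application may search: base DN -> server (assumption).
DIRECTORIES = {
    "DC=PARIS,DC=france": "ldaps://dc1.paris.france",
    "DC=BERLIN,DC=germany": "ldaps://dc1.berlin.germany",
}
# Domain SID prefix -> base DN of the trusted domain (constructed SID).
DOMAIN_SIDS = {
    "S-1-5-21-1111111111-2222222222-3333333333": "DC=BERLIN,DC=germany",
}
SID_RE = re.compile(r"^(S-1-5-21-\d+-\d+-\d+)-(\d+)$")

# Constructed group membership: one native user, one foreign placeholder.
GROUP_MEMBERS = [
    "CN=Pierre,OU=Users,DC=PARIS,DC=france",
    "CN=S-1-5-21-1111111111-2222222222-3333333333-1105,"
    "CN=ForeignSecurityPrincipals,DC=PARIS,DC=france",
]


def split_dn(dn):
    """Split a DN into its RDN strings, honouring backslash-escaped commas."""
    parts, cur, i = [], "", 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur += dn[i:i + 2]
            i += 2
            continue
        if dn[i] == ",":
            parts.append(cur.strip())
            cur = ""
        else:
            cur += dn[i]
        i += 1
    parts.append(cur.strip())
    return parts


def domain_base(dn):
    """Base DN of the domain a DN lives in: just its DC= components."""
    return ",".join(p for p in split_dn(dn) if p.upper().startswith("DC="))


def classify_member(dn):
    """Describe a member as a local object or a foreign security principal.

    A foreign placeholder is recognised by its parent container and by its CN
    being a SID; it is resolvable only if we know the trusted domain that owns
    the domain part of that SID.
    """
    rdns = split_dn(dn)
    cn = rdns[0].split("=", 1)[1]
    if len(rdns) > 1 and rdns[1].upper() == "CN=FOREIGNSECURITYPRINCIPALS":
        m = SID_RE.match(cn)
        if not m:
            raise ValueError("foreign security principal without SID CN: " + dn)
        domain_sid, rid = m.group(1), int(m.group(2))
        base = DOMAIN_SIDS.get(domain_sid)
        return {"kind": "foreign", "sid": cn, "domain_sid": domain_sid,
                "rid": rid, "base": base, "server": DIRECTORIES.get(base)}
    base = domain_base(dn)
    return {"kind": "local", "cn": cn, "base": base,
            "server": DIRECTORIES.get(base)}


def escape_filter_value(value):
    """RFC 4515 escaping, so a user-typed login name cannot rewrite the filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)


def plan_login_searches(login, members=GROUP_MEMBERS):
    """(server, base, filter) triples to run for one login attempt.

    One search per distinct base DN implied by the group's members.  Members of
    a domain we have no directory for are skipped: they can never log in via
    this application, which is exactly the situation in the question.
    """
    bases = {}
    for dn in members:
        info = classify_member(dn)
        if info["base"] is not None and info["server"] is not None:
            bases[info["base"]] = info["server"]
    flt = "(&(objectClass=user)(sAMAccountName=%s))" % escape_filter_value(login)
    return [(server, base, flt) for base, server in sorted(bases.items())]


def fsp_matches_user(fsp_dn, user_object_sid):
    """A foreign placeholder stands for a user iff the SIDs are identical."""
    info = classify_member(fsp_dn)
    return info["kind"] == "foreign" and info["sid"] == user_object_sid


if __name__ == "__main__":
    for dn in GROUP_MEMBERS:
        print(classify_member(dn))
    for server, base, flt in plan_login_searches("Otto"):
        print("search", server, base, flt)
```

With only the PARIS entry in DIRECTORIES and DOMAIN_SIDS, the plan for "Otto" contains a single PARIS search that returns nothing, which is the failure in the question; adding the BERLIN base DN (the "more than one base DN" the answer refers to) produces a second search against BERLIN's own DC. The trust lets Kerberos and NTLM reach BERLIN, but an LDAP search is answered only by the directory you bind to, so the application itself has to know about both directories. The filter value is escaped so that a login name such as `*)(objectClass=*` cannot widen the search.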
Hmm, OK, so if I understand well,
the creation of the AD trust relationship between PARIS.france and BERLIN.germany makes a sort of LDAP proxy that allows me to query the DC=BERLIN,DC=germany schema from my PARIS.france AD server. Am I right?
Actually I'm trying to query the DC=BERLIN,DC=germany schema but it doesn't seem to work. I tried the following ldapsearch with both a standard user account binding and also a domain admin account in the PARIS.france schema.
Edited Apr 29, 2021 at 21:54 UTC