ForeignSecurityPrincipals with LDAP connection on Active Directory servers with trusted forest
Posted
by Killerwhile
on Stack Overflow
See other posts from Stack Overflow
or by Killerwhile
Published on 2009-12-23T12:11:41Z
Indexed on
2010/04/28
19:07 UTC
Read the original article
Hit count: 453
The context is the following :
Two domains mutually trusted
dc=dom1
dc=dom2
a group
cn=group1,ou=someou,dc=dom1
with users inside :
cn=user11,ou=anotherou,dc=dom1
cn=user12,ou=anotherou,dc=dom1
cn=user13,ou=anotherou,dc=dom1
cn=user21,ou=anotherou,dc=dom2
cn=user22,ou=anotherou,dc=dom2
cn=user23,ou=anotherou,dc=dom2
The questions :
1. Test user's credentials
How can I do a ldap bind to test credentials for users of dom2 ? I tried to bind as usual but I cannot authenticate users of dom2, even if I connect in ldaps. Is there any trick ? Special permissions to set ?
2. Search and display users from the group.
How can I retrieve the detailed informations about the users of dom1 and dom2 using LDAP(s) connection on the AD of dom1 ?
I have an technical user which has right to browse both domain.
I'm able to see 6 entries in the group with the following filter :
(&(memberOf=cn=group1,ou=someou,dc=dom1)(|(objectClass=user)(objectClass=foreignSecurityPrincipal)))
but the users from the other domain are seen as
cn=...(some key)...,cn=foreignSecurityPrincipal,dc=dom1
Java hints would be better.
Thanks a lot !
© Stack Overflow or respective owner