ForeignSecurityPrincipals with LDAP connection on Active Directory servers with trusted forest

Posted by Killerwhile on Stack Overflow See other posts from Stack Overflow or by Killerwhile
Published on 2009-12-23T12:11:41Z Indexed on 2010/04/28 19:07 UTC
Read the original article Hit count: 453

Filed under:
|
|

The context is the following :

Two domains mutually trusted

dc=dom1 
dc=dom2

a group

cn=group1,ou=someou,dc=dom1

with users inside :

cn=user11,ou=anotherou,dc=dom1
cn=user12,ou=anotherou,dc=dom1
cn=user13,ou=anotherou,dc=dom1

cn=user21,ou=anotherou,dc=dom2
cn=user22,ou=anotherou,dc=dom2
cn=user23,ou=anotherou,dc=dom2

The questions :

1. Test user's credentials

How can I do a ldap bind to test credentials for users of dom2 ? I tried to bind as usual but I cannot authenticate users of dom2, even if I connect in ldaps. Is there any trick ? Special permissions to set ?

2. Search and display users from the group.

How can I retrieve the detailed informations about the users of dom1 and dom2 using LDAP(s) connection on the AD of dom1 ?

I have an technical user which has right to browse both domain.

I'm able to see 6 entries in the group with the following filter :

(&(memberOf=cn=group1,ou=someou,dc=dom1)(|(objectClass=user)(objectClass=foreignSecurityPrincipal)))

but the users from the other domain are seen as

cn=...(some key)...,cn=foreignSecurityPrincipal,dc=dom1

Java hints would be better.

Thanks a lot !

© Stack Overflow or respective owner

Related posts about ldap

Related posts about active-directory