RE: [ActiveDir] LDAP in Multi-domain environments

[Joe]

Title: Message

Is it doing an ldap authentication of the user or searching for the user and some attribute of the user to determine if they can be on?   If only authenticating and they have the user's upn (say everyone in the company has [EMAIL PROTECTED]) or full same name (including domain) they can pass that in the ldap bind instead of the user's dn thereby getting around searching for the user's dn and then authenticating them.     joe From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Creamer, Mark Sent: Thursday, October 16, 2003 4:52 PM To: [EMAIL PROTECTED] The app in question (and there’s one more doing the same thing) is supposed to validate a user’s logon. That’s basically the only thing the LDAP functionality is used for. But the user could be in either of two peer subdomains of an empty root. (If you’re interested specifically, the 2 apps are Kintana, which is a web-based change management tool, and Pixion, which is a web-based collaboration tool.)   <mc> -----Original Message----- From: Mulnick, Al [mailto:[EMAIL PROTECTED] Sent: Thursday, October 16, 2003 4:25 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] LDAP in Multi-domain environments   depends on what you're searching for in the app.  What's the app and what's it searching for.   Remember GC's are going to hold some of the information these apps are looking for.     Al -----Original Message----- From: Creamer, Mark [mailto:[EMAIL PROTECTED] Sent: Thursday, October 16, 2003 4:18 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] LDAP in Multi-domain environments We have some apps that make LDAP queries to allow a user to log in. Picture an "empty" root with two sub-domains. If the app is to be used only in a single sub-domain, i.e. dc=domain1,dc=company,dc=com, it works fine. If it needs to cross over to the other domain we have, though, i.e. dc=domain2,dc=company,dc=com, we're out of luck. We can't make the root dc=company,dc=com LDAP query search BOTH sub-domains for the user. Is this a limitation of LDAP, or of the apps that are trying to use it? I suspect it's the apps, but maybe there's a global (middleware?) fix someone can suggest?   If any of you are using an app called Kintana and have conquered this problem, I'd especially like to hear from you.   Thanks!   Mark Creamer Systems Engineer Cintas Corporation http://www.cintas.com Honesty and Integrity in Everything We Do