The application designer is telling me it can only be
configured for one source of authentication, so if the use the domain level
authentication will that allow to authenticate users in the
subdomain?
I.e.
domain.com
child.domain.com
If I point the application to use domain.com as
authentication source will that also authenticate users from the child
domain?
Thanks
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Al Mulnick
Sent: Friday, September 22, 2006 4:19 PM
To: [email protected]
Subject: Re: [ActiveDir]SUBDOMAIN AND LDAP
domain query base: dc=domain,dc=com
When the search is initiated, it will start looking at the query base and, if so configured, everything below it (subtree search).
In your case, that won't likely happen depending on how you configured it. If you instead change your query base to dc=domain,dc=com (assuming you have a contiguous namespace) then you may get different results.
Testing. You can use ldp, adfind, or any other ldap client if your app doesn't have that functionality built in.
Since you're security conscious, be mindful of the cert and the ports you're using during your testing :)
Permissions? That depends on your configuration and your versions. Windows 2000 is pretty much open for searches while 2003 requires authenticated users by default.
Al
On 9/22/06, Ramon
Linan <[EMAIL PROTECTED]>
wrote:
Hi,
I have an application that uses LDAP to authenticate (authenticates
against AD).
In my AD I have a domain and subdomain or child domain.
I assume that both domain and subdomain uses the same LDAP, right?
Also, if the application is using a user from the subdomain to query the
LDAP, what kind of access will that user have to have to authenticate
users at the main domain level.
Basically, the application is authenticating fine the users from the
subdomain but cant fine the users from the main domain...
Thanks for any advice.
Rezuma
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx
