Re: [ActiveDir]SUBDOMAIN AND LDAP

Fri, 22 Sep 2006 14:48:21 -0700

You might have them try to work with the GC. You should be able to authenticate and find users from any domain via the GC.
I think Joe Richards might also suggest that the vendor learn what they are doing and either integrate with AD the right way or don't claim they can. I'll bet they need to talk to a specific domain controller too. I won't put words in Joe's mouth though. :) 

Joe


----- Original Message ----- 
From: Ramon Linan

To: [email protected]
Sent: Friday, September 22, 2006 3:41 PM
Subject: RE: [ActiveDir]SUBDOMAIN AND LDAP



The application designer is telling me it can only be configured for one 
source of authentication, so if the use the domain level authentication will 
that allow to authenticate users in the subdomain?


I.e.
domain.com
child.domain.com


If I point the application to use domain.com as authentication source will 
that also authenticate users from the child domain?


Thanks





From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of Al Mulnick

Sent: Friday, September 22, 2006 4:19 PM
To: [email protected]
Subject: Re: [ActiveDir]SUBDOMAIN AND LDAP


sub-domain query base: dc=subdomain,dc=domain,dc=com
domain query base: dc=domain,dc=com


When the search is initiated, it will start looking at the query base and, 
if so configured, everything below it (subtree search).



In your case, that won't likely happen depending on how you configured it. 
If you instead change your query base to dc=domain,dc=com (assuming you have 
a contiguous namespace) then you may get different results.



Testing.  You can use ldp, adfind, or any other ldap client if your app 
doesn't have that functionality built in.



Since you're security conscious, be mindful of the cert and the ports you're 
using during your testing :)



Permissions?  That depends on your configuration and your versions.  Windows 
2000 is pretty much open for searches while 2003 requires authenticated 
users by default.


Al


On 9/22/06, Ramon Linan <[EMAIL PROTECTED]> wrote:
Hi,

I have an application that uses LDAP to authenticate (authenticates
against AD).

In my AD I have a domain and subdomain or child domain.

I assume that both domain and subdomain uses the same LDAP, right?

Also, if the application is using a user from the subdomain to query the
LDAP, what kind of access will that user have to have to authenticate
users at the main domain level.

Basically, the application is authenticating fine the users from the
subdomain but cant fine the users from the main domain...


Thanks for any advice.


Rezuma


List info   : http://www.activedir.org/List.aspx
List FAQ    : http://www.activedir.org/ListFAQ.aspx

List archive: http://www.activedir.org/ml/threads.aspx 


List info   : http://www.activedir.org/List.aspx
List FAQ    : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx























					Reply via email to