If it's a pure-LDAP application, you'll want to point it to a Domain A DC, using a Domain A service account for the administrative bind.
Do *not* use the round-robin domain name A record for a plain-old-LDAP application unless you have only one site with DCs in it.

I've set up (and programmed) many dozens of such applications. I'll mention that I'm only half an hour south of you, should you require a quick day o' consulting.

--Steve

On Wed, Aug 29, 2012 at 3:08 PM, Christopher Bodnar <[email protected]> wrote:
> We have 2 domains with a one way trust relationship (Domain A is Trusted,
> Domain B is Trusting). Domain B is in a DMZ. So Domain A users can access
> resources in domain B with their Domain A credentials. Also using selective
> authentication for this trust. Works great.
>
> Working with a vendor to implement a new system. The issue is that they
> are trying to authenticate Domain A users from within Domain B (web portal
> is in domain B) across the trust relationship using LDAP. So they are
> pointing the LDAP bind to a Domain B DC, and it's not working. Anyone doing
> something like this? Never had to set up anything like this before. Vendor
> isn't real helpful in this situation. I'm not even positive what domain the
> base DN should be. Been trying both each time we make a change. So far no
> luck. Also not seeing any specific errors on the domain controller yet. Bad
> thing is that not sure what DC the Domain B domain controller is bouncing
> the request off of in Domain A. We have quite a few, and the logs are
> pretty hefty. Probably gonna have to put Wireshark on this to look at the
> packets to get a clue.
>
> Any help is appreciated.
>
> Thanks,
>
> Christopher Bodnar
> Enterprise Architect I, Corporate Office of Technology: Enterprise Architecture and Engineering Services
> The Guardian Life Insurance Company of America
