Going to add my $0.02 here, but yes, AD is not LDAP. It looks like and behaves
like LDAP in many cases, but it's the MS flavor, with many changes. AD and
LDAP are not interchangeable... AD is its own creature.... I grow tired of
explaining this... one is standards-based, the other is NOT....




> On Apr 16, 2020, at 2:35 PM, Quanah Gibson-Mount <[email protected]> wrote:
> 
> 
> 
> --On Thursday, April 16, 2020 2:10 PM +0000 "Kleber S. Carvalho" 
> <[email protected]> wrote:
> 
>> First, we performed a valid test by performing authentication and a
>> simple query directly to the minca.com domain, with the command:
>> 
>> ldapsearch -H 'ldap://minca.com:3268' -D 'cn=Administrator,cn=users,dc=minca,dc=com' -w Avanade@2020! -b 'cn=users,dc=minca,dc=com'
>> 
>> However, when performing this procedure and authenticating the user
>> [email protected] in the child.klabs.com domain using the ldapsearch tool,
>> the result was an error according to file
>> 7_openldaperror_indirectaccess.JPG stating invalid credentials.
> 
> Expected I would think, if using a simple bind.
> 
>> However, a .net application was created to perform this same function and
>> it worked, as per file 9_dotNetApp_success.JPG.
> 
> AD is not LDAP.
> 
>> Finally, the conclusion we are reaching is that the openldap tool does
>> not work directly between forests, but only on the same tree. We would
>> like to know if this understanding is correct or if this is really a bug
>> in the tool.
> 
> AD is not LDAP.
> 
> --Quanah
> 
> --
> 
> Quanah Gibson-Mount
> Product Architect
> Symas Corporation
> Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
> <http://www.symas.com>
