joeforker

Reputation: 41757

How does ActiveDirectory cross-domain trust carry over to an LDAP query?

I am using LDAP inside Plone running behind Apache on RHEL5 to authenticate users against ActiveDirectory. This worked great until we implemented cross-domain trust. Now the LDAP client doesn't know how to authenticate against the other trusted domains so our other users cannot use the web service.

Is there a nice way for the standard LDAP client to discover the cross-domain trust and try to authenticate against those as well?

Upvotes: 3

Views: 4074

Answers (1)

JPBlanc

Reputation: 72640

Here is the beginning of an answer:

There exist objects of the class 'trustedDomain', called Trusted Domain Objects (TDOs), that represent each trust relationship within a particular domain. Each time a trust is established, a unique TDO is created and stored (in the System container) in its domain. Attributes such as the trust's transitivity, type, and the reciprocal domain names are represented in a TDO.

If I use 'LDIFDE.EXE', which is an integrated Windows Server tool like 'ldapsearch' on OpenLDAP, to search for such objects:

C:\>ldifde -f trustedDomain.lfd -d "cn=system,dc=dom,dc=fr" -r "(objectClass=trustedDomain)" -l cn

The result is:

dn: CN=mod.dom.fr,CN=System,DC=dom,DC=fr
changetype: add
cn: mod.dom.fr

dn: CN=soc.fr,CN=System,DC=dom,DC=fr
changetype: add
cn: soc.fr

I've got two trusted domains that I can query from the value of the 'CN' attribute of this object.

Upvotes: 2
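The same trust discovery done from an LDAP client instead of ldifde, as an added example that is not part of the answer above: it searches CN=System for trustedDomain objects, collects their cn values, and uses that list to decide which domain a login should be authenticated against. The search function is injected (python-ldap's search_s() has the assumed shape) so the logic can be exercised offline against LDIF shaped like the ldifde output; the sample LDIF, base DN and user names are constructed.

```python
import re

# Constructed LDIF, shaped like the ldifde output in the answer above.
SAMPLE_LDIF = """\
dn: CN=mod.dom.fr,CN=System,DC=dom,DC=fr
changetype: add
cn: mod.dom.fr

dn: CN=soc.fr,CN=System,DC=dom,DC=fr
changetype: add
cn: soc.fr
"""

TRUST_FILTER = "(objectClass=trustedDomain)"

def discover_trusted_domains(search, base_dn):
    """Return the DNS names of the domains this domain has a TDO for.
    `search(base, filterstr, attrlist)` must return [(dn, {attr: [values]})],
    the shape python-ldap's search_s() returns; injected so this runs offline."""
    system_container = "CN=System," + base_dn
    names = []
    for _dn, attrs in search(system_container, TRUST_FILTER, ["cn"]):
        for value in attrs.get("cn", []):
            if isinstance(value, bytes):          # python-ldap returns bytes
                value = value.decode("utf-8")
            names.append(value.lower())
    return sorted(set(names))

def search_from_ldif(ldif_text):
    """Build a search() stub from LDIF text (what ldifde writes); the stub
    assumes every entry already matched the filter, as ldifde applied it."""
    entries = []
    for block in re.split(r"\n\s*\n", ldif_text.strip()):
        dn, attrs = None, {}
        for line in block.splitlines():
            key, _, value = line.partition(": ")
            if key == "dn":
                dn = value
            elif key != "changetype":
                attrs.setdefault(key, []).append(value)
        entries.append((dn, attrs))
    def search(base, filterstr, attrlist):
        return [(dn, {a: v for a, v in attrs.items() if a in attrlist})
                for dn, attrs in entries if dn.lower().endswith(base.lower())]
    return search

def pick_bind_domain(upn, home_domain, trusted):
    """Map 'user@realm' (or a bare user, taken as home) to the domain whose DCs
    should do the bind; None if the realm is neither home nor a trusted domain.
    DCs for that realm are found via its _ldap._tcp.<realm> DNS SRV record."""
    realm = upn.rsplit("@", 1)[1] if "@" in upn else home_domain
    realm = realm.lower()
    return realm if realm == home_domain.lower() or realm in trusted else None
```

The domain list should be refreshed periodically rather than cached forever, since TDOs appear and disappear as trusts are created or removed.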
