Solved: About different domain - Page 2 - Qlik Community

Report Inappropriate Content · ‎2011-02-15

Hi,

I have the following scenario:

I installed the QV server in domain A whose active directory is LDAP://A

Now I want to use another domain's account to access QV server. And the LDAP of it is LDAP://B

I add the LDAP://A and LDAP://B in the Active Directory via QEMC, I have tested QV server could identify the users of Domain B by the function in QEMC.

But when I use the account from domain B to visit Access Point, unfortunately, it does not work.

And if I use the the account from domain A , it works.

It seems domain A could not identify the account of domain B.

So could you tell me what I can do?

Thanks a a ... lot.

Thanks.

Report Inappropriate Content · ‎2011-02-16

Hi,

Thanks for your reply, my LDAP of domain B looks like this:

LDAP://A.BC.COM, then I put it into AD like LDAP://DC=A,DC=BC,DC=COM

It still does not work, and in the left, when I type the Username and Password with DomainB\UserB, it tells the User name is wrong.

Another thing is what's your Authorization for QV Server, NTFS or DMS?

Report Inappropriate Content · ‎2011-02-16

And what the username type should be?

vgutkovsky · ‎2011-02-17

Well, your A domain should use an A domain username in the QEMC --> DSC in the format A\Username1 and your B domain should use the username B\Username2, where each username is a domain user on that domain. Your Fully Distinguished LDAP format looks correct, although of course it's hard to tell since I don't know your real domain structure.

Then from within the QEMC, test to make sure you can browse users on both domains. Authorization is NTFS.

Assuming that works, when a user goes to the AccessPoint, he should enter the username in the format A\User or B\User. But actually, it shouldn't even prompt him if you set it up correctly. If you see a prompt, then it probably won't work anyway and that most likely means that something in your domain structure has been specified incorrectly.

Regards,

Report Inappropriate Content · ‎2011-02-17

Yes, I did what you told. Maybe this issue is caused by the domain structure.

And another probable cause is who runs the QlikView Web Server?

I use DomainA\UserA to run the QlikView Web Server, This account just only could access Domain A not Domain B.

Is it a problem?

I don't know how to thank you enough. Many thanks Vlad Gutkovsky.

vgutkovsky · ‎2011-02-17

The services account that runs the QVWS doesn't need to be a member of a particular domain, any local admin account (QV Admin too of course) with logon-as-service rights will do. So...after you added the LDAP strings, were you able to browse the users in the QEMC or not? If not, then the problem is with the connection string and/or user account itself. If you were, then yeah, it's a domain structure issue.

An important thing to keep in mind is what domain the QVS itself belongs to. If it's a member of Domain A, then the default login domain is A.mycompany.com. If you don't specify the LDAP string properly, then it will attempt to authenticate domain B as A.mycompany.com\B.mycompany.com\user, which of course won't work. That's why Fully Distinguished format is preferable--you would want to specify your full LDAP structure in each string.

Regards,

Report Inappropriate Content · ‎2011-04-04

Hi Isaac,

Did you succesfully solved this issue ?

If yes, how did you do ?

Would it be possible to get a copy of the settings, as I'm having same issue with a customer ?

Regards,

Sébastien