Skip to main content
Announcements
Have questions about Qlik Connect? Join us live on April 10th, at 11 AM ET: SIGN UP NOW
cancel
Showing results for 
Search instead for 
Did you mean: 
swapnil_kumbhar
Partner - Contributor III
Partner - Contributor III

Active Directory different domain user connection issue

Hi all,

I want to access the users which are on different domains through Active Directory setting in QEMC. Currently i can successfully access the users of Local domain but facing problem while accessing external domain users.

For Example:

I am using following LDAP string to connect to different domain Active Directory:

1. LDAP://ServerIP/DC=domain1,DC=xyz,DC=local

2. LDAP://ServerIP/DC=domain2,DC=xyz,DC=local

3. LDAP://ServerIP/DC=domain3,DC=xyz,DC=local

and so on


To connect to all domain Active Directory i am having common username of Domain1 only. i.e. Domain1\Username


I have confirmed with IT team about common username & they are saying this user has Read access to all other Domain AD.


By using this LDAP String i am able to connect Domain1 users but when i try to search other domain users then it gives following error message in QEMC.


AD Search Error.png

I have checked the logs & it gives following error in Log file for above error message:

ErrorException checking names in provider Domain3(name: Active Directory, type: AD): A referral was returned from the server.


Not able to find the exact reason behind this & why it is not connecting to other Domain users.


Kindly help me to resolve the issue. Your help is much appreciated.


Thanks,

Swapnil

4 Replies
dinuwanbr
Creator III
Creator III

Hi,

Can you try like this.

When you are log in into other domains, can you use other user name and password to access LDAP and try.

Rgds,

Dinu1

swapnil_kumbhar
Partner - Contributor III
Partner - Contributor III
Author

Hi Tharindu,

Because of security, Other domain username is not available.I have asked for same but IT team said the user they have provided have different domain users read access.

Peter_Cammaert
Partner - Champion III
Partner - Champion III

Normally, to get through to the domain controller for a particular "other" domain that requires a different user account to query, you specify a UserID in that particular domain. Otherwise the domain controller of that "other" domain will try to forward you to the domain controller for the domain the specified user is member of.

You could try to run the DSC as the user that can query the other domains (as supplied by the IT department). In that case, you won't need to specify a userid and password in the DSC lines for the other domains.

Peter

dinuwanbr
Creator III
Creator III

Hi,

Can you do like this?

Take usernames and passwords(with read rights enough) and the paths of LDAPs of other domains and add them under configurable LDAPs.

Rgds,

Dinu1