Qlik Community

QlikView Security & Governance

Discussion Board for collaboration on QlikView Security and Governance.

swapnil_kumbhar
New Contributor III

Active Directory different domain user connection issue

Hi all,

I want to access the users which are on different domains through Active Directory setting in QEMC. Currently i can successfully access the users of Local domain but facing problem while accessing external domain users.

For Example:

I am using following LDAP string to connect to different domain Active Directory:

1. LDAP://ServerIP/DC=domain1,DC=xyz,DC=local

2. LDAP://ServerIP/DC=domain2,DC=xyz,DC=local

3. LDAP://ServerIP/DC=domain3,DC=xyz,DC=local

and so on


To connect to all domain Active Directory i am having common username of Domain1 only. i.e. Domain1\Username


I have confirmed with IT team about common username & they are saying this user has Read access to all other Domain AD.


By using this LDAP String i am able to connect Domain1 users but when i try to search other domain users then it gives following error message in QEMC.


AD Search Error.png

I have checked the logs & it gives following error in Log file for above error message:

ErrorException checking names in provider Domain3(name: Active Directory, type: AD): A referral was returned from the server.


Not able to find the exact reason behind this & why it is not connecting to other Domain users.


Kindly help me to resolve the issue. Your help is much appreciated.


Thanks,

Swapnil

4 Replies
dinuwanbr
Contributor III

Re: Active Directory different domain user connection issue

Hi,

Can you try like this.

When you are log in into other domains, can you use other user name and password to access LDAP and try.

Rgds,

Dinu1

swapnil_kumbhar
New Contributor III

Re: Active Directory different domain user connection issue

Hi Tharindu,

Because of security, Other domain username is not available.I have asked for same but IT team said the user they have provided have different domain users read access.

Re: Active Directory different domain user connection issue

Normally, to get through to the domain controller for a particular "other" domain that requires a different user account to query, you specify a UserID in that particular domain. Otherwise the domain controller of that "other" domain will try to forward you to the domain controller for the domain the specified user is member of.

You could try to run the DSC as the user that can query the other domains (as supplied by the IT department). In that case, you won't need to specify a userid and password in the DSC lines for the other domains.

Peter

dinuwanbr
Contributor III

Re: Active Directory different domain user connection issue

Hi,

Can you do like this?

Take usernames and passwords(with read rights enough) and the paths of LDAPs of other domains and add them under configurable LDAPs.

Rgds,

Dinu1

Community Browser