1 Reply Latest reply: May 1, 2016 12:01 PM by Peter Cammaert RSS

    Problem in Active Directory login from different domains

    Dawei Zheng

      Hello experts,

       

      I am using QlikView 11.20 SR12. I got problems when adding external domain into qlikview server.

       

      Here it is the scenario: I have a qlikview server installed in domain A, and I added ldap://A to DSC -> Active Directory. It works fine to login in the accesspoint using accounts in domain A.When I tried to add domain B (which is separated from domain A ) into Active Directory, the bind is successful, and in QMC User Management I can find users in domain B by searching their usernames in LDAP://B. The problem is, I cannot log in QV accesspoint with a domain B account.

       

      I used to think problem came from the AD settings, I cannot bind it with domain B's DN as 'path', but I can bind it by using its IP address

      (That's mean, ldap:\\B.com is not working, ldap:\\1**.***.**.* works in DSC)

      . Will it lead to mismatch between AD username and input username as 'B\username'? 

       

      Or if you have other ideas it would be so great to see. Thank you!

       

      Kind regards,

        • Re: Problem in Active Directory login from different domains
          Peter Cammaert

          The configuration of a domain B Domain controller in the DSC list will mean that QlikView will be able to lookup users from a different domain (because that's what an LDAP channel does) but has nothing to do with authentication of users. QlikView doesn't do authentication (except for Custom users) and in an AD-based envrionment leaves all of this to Windows.

           

          For your login problem to go away, your system administrator should set-up a thrust-relationship between the two domains. Your QlikView server in domain A must be told to thrust whatever the domain controller in domain B tells it about domain B users.

           

          Best,

           

          Peter