2 Replies Latest reply: Feb 26, 2013 4:56 PM by Micah Sakata

    Directory Service Connector - LDS authentication issue

    Micah Sakata

      Our current landscape uses AD and we have multiple domains that connect to our QVWs.  Our company is doing away with LDAP authentication and is moving to ADLDS.  I can't get this new environment to work.

       

      So instead of using the "Active Directory" DSC, I've connected through "Configurable LDAP".  I used the following string to connect to the LDS service:

       

      LDAP://AAAlds.webDomain.com:123/dc=AAA,dc=webDomain,dc=com

       

      This yields a listing of users (lastname, firstname format) from LDS and all looks good.  If you hover over the entries, it shows the true entry, which is the domain/user, revealing the problem.  It's returning results where the domain is different from our true domains.  As I mentioned previously, our landscape spans multiple domains by divisions in our company.  Let's say we have domain ABC, DEF, & GHI; and my username is ABC\user.  The LDS value that returns is DSP1/user.

       

      The issue here is despite being able to view the user with the wrong domain, and assign distribution to that user, the user will never authenticate because the domains don't match.

       

      I spoke with our LDS admin and he says that I'm pointing to the wrong base DN.  Somehow I'm supposed to add a BaseDN value of "o=webDomain.com".  If I add that portion to the string above, it breaks it.  If I replace the "dc" portion with the "o" entry, it works except that it returns user ID numbers with the same issue.  If I hover over the user ID, I get the wrong domain/username combo.

       

      Anyone know what I am doing wrong?