ForeignSecurityPrincipals with LDAP connection on Active Directory servers with trusted forest

Posted by Killerwhile on Stack Overflow See other posts from Stack Overflow or by Killerwhile
Published on 2009-12-23T12:11:41Z Indexed on 2010/04/28 19:07 UTC
Read the original article Hit count: 419

Filed under:

ldap

|

active-directory

|

java

The context is the following :

Two domains mutually trusted

dc=dom1 
dc=dom2

a group

cn=group1,ou=someou,dc=dom1

with users inside :

cn=user11,ou=anotherou,dc=dom1
cn=user12,ou=anotherou,dc=dom1
cn=user13,ou=anotherou,dc=dom1

cn=user21,ou=anotherou,dc=dom2
cn=user22,ou=anotherou,dc=dom2
cn=user23,ou=anotherou,dc=dom2

The questions :

1. Test user's credentials

How can I do a ldap bind to test credentials for users of dom2 ? I tried to bind as usual but I cannot authenticate users of dom2, even if I connect in ldaps. Is there any trick ? Special permissions to set ?

2. Search and display users from the group.

How can I retrieve the detailed informations about the users of dom1 and dom2 using LDAP(s) connection on the AD of dom1 ?

I have an technical user which has right to browse both domain.

I'm able to see 6 entries in the group with the following filter :

(&(memberOf=cn=group1,ou=someou,dc=dom1)(|(objectClass=user)(objectClass=foreignSecurityPrincipal)))

but the users from the other domain are seen as

cn=...(some key)...,cn=foreignSecurityPrincipal,dc=dom1

Java hints would be better.

Thanks a lot !

© Stack Overflow or respective owner

Related posts about ldap

NetApp FAS 2040 LDAP Win2k8R2

as seen on Server Fault - Search for 'Server Fault'
I am trying to get my FAS2040 to action user lookups using LDAP, below is the filer configuration options: filer> options ldap ldap.ADdomain dc1.colour.domain.local ldap.base OU=Users,OU=something1,OU=something2,OU=darkside,DC=colour,DC=domain,DC=local ldap.base… >>> More
Ubuntu 12.04 Preseed LDAP Config

as seen on Server Fault - Search for 'Server Fault'
I'm trying to deploy Ubuntu 12.04 via xCAT, everything works except the automatic configuration of LDAP, the preseed file is read but the file /etc/nsswitch is not written properly. My Preseed File: [...] ### LDAP Setup nslcd nslcd/ldap-bindpw password ldap-auth-config ldap-auth-config/bindpw password ldap-auth-config… >>> More
NetApp FAS 2040 LDAP Win2k8R2

as seen on Server Fault - Search for 'Server Fault'
I am trying to get my FAS2040 to action user lookups using LDAP, below is the filer configuration options: filer> options ldap ldap.ADdomain dc1.colour.domain.local ldap.base OU=Users,OU=something1,OU=something2,OU=darkside,DC=colour,DC=domain,DC=local ldap.base… >>> More
Apache+LDAP auth on Ubuntu says "Can't contact LDAP server" while ldapsearch is perfect

as seen on Server Fault - Search for 'Server Fault'
Hi Gurus, I'm migrating from an existing apache+LDAP+mysql+php server to a new hardware platform. Old server is running Debian Lenny, which I have no config documentation available (was done by previous sysadmin); New server is running Ubuntu 10.04.2 LTS 32bit. After installing Apache and configured… >>> More
Spring security ldap: no declaration can be found for element 'ldap-authentication-provider'

as seen on Stack Overflow - Search for 'Stack Overflow'
Following the spring-security documentation: http://static.springsource.org/spring-security/site/docs/3.0.x/reference/ldap.html I am trying to set up ldap authentication (very simple - just need to know if a user is authenticated or not, no authorities mapping needed) and have put this in my applicationContext-security… >>> More

Related posts about active-directory

Can't join OS X Mavericks to AD Domain

as seen on Server Fault - Search for 'Server Fault'
I'm attempting to join an OS X Mavericks (10.9) client to a Windows Server 2008 Active Directory domain, however the bind fails with this error in the OS X client's system.log: Oct 24 15:03:15 host.domain.com com.apple.preferences.users.remoteservice[5547]: -[ODCAddServerSheetController handleOtherActionError:… >>> More
Retrieve user details from Active Directory using SID

as seen on Server Fault - Search for 'Server Fault'
Hi, How can I find a user in my AD when I have his/her SID. I don't want to rely on other attributes, since I am trying to detect changes to these. Example: I get a message about a change to user record containing: Message: User Account Changed: Target Account Name: test12 Target… >>> More
Retrieve user details from Active Directory using GUID

as seen on Server Fault - Search for 'Server Fault'
Hi, How can I find a user in my AD when I have his/her GUID. I don't want to rely on other attributes, since I am trying to detect changes to these. >>> More
Retrieve user details from Active Directory using GUID [closed]

as seen on Super User - Search for 'Super User'
Hi, How can I find a user in my AD when I have his/her GUID. I don't want to rely on other attributes, since I am trying to detect changes to these. >>> More
Office365 DirSync Active Directory Integration

as seen on Server Fault - Search for 'Server Fault'
I am preparing to deploy Office365 for my organization. We have an on premise Active Directory Domain Controller (Windows Server 2012 R2). We would like to leverage our Active Directory for: automatic user provisioning in Office365, and password synchronization, using the DirSync tool. Our Active… >>> More