EMC LDAP profile
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎10-16-2017 07:12 AM
Hi all,
I apologize in advance if I missed the answer.
We have two domains in the same forest, parent domain X.Y and child domain Z.X.Y. We would like to setup AD/LDAP authentication to EMC so that users from both domains can access to EMC portal. Is this possible?
We tried to do this but without success.
Tnx,
Vesna.
I apologize in advance if I missed the answer.
We have two domains in the same forest, parent domain X.Y and child domain Z.X.Y. We would like to setup AD/LDAP authentication to EMC so that users from both domains can access to EMC portal. Is this possible?
We tried to do this but without success.
Tnx,
Vesna.
2 REPLIES 2
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎10-17-2017 07:13 AM
Hi Ryan,
tnx for clarification.
We test it and it didn't work. If someone else can try it would be great.
BR,
Vesna.
tnx for clarification.
We test it and it didn't work. If someone else can try it would be great.
BR,
Vesna.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎10-16-2017 10:45 AM
Hello,
I don't think this is possible.
The problem is that users in the child domain don't exist in the parent domain. Extreme Access Control handles these types of split domain environments by being able to create multiple authentication rules that point to different domains with different LDAP URLs and Search Roots. To some extent (captive portal only) Extreme Access Control actually has the ability to look inside one forest and based on results of a search choose it or look into another.
The login mechanism only provides you with the ability to look into 1 LDAP configuration, which results in 1 domain forest.
The LDAP authentication login process looks like this:
Can anyone confirm this? I don't have a multi-domain forest to test with.
Thanks
-Ryan
I don't think this is possible.
The problem is that users in the child domain don't exist in the parent domain. Extreme Access Control handles these types of split domain environments by being able to create multiple authentication rules that point to different domains with different LDAP URLs and Search Roots. To some extent (captive portal only) Extreme Access Control actually has the ability to look inside one forest and based on results of a search choose it or look into another.
The login mechanism only provides you with the ability to look into 1 LDAP configuration, which results in 1 domain forest.
The LDAP authentication login process looks like this:
- Search request to determine if user exists
- If user exists --> attempt LDAP bind using the username/password provided in the login
- If authenticated --> obtain AD membership information for possible Authorization Group Matching.
Can anyone confirm this? I don't have a multi-domain forest to test with.
Thanks
-Ryan
