The context is the following:

Two domains mutually trusted

dc=dom1 
dc=dom2

a group

cn=group1,ou=someou,dc=dom1

with users inside:

cn=user11,ou=anotherou,dc=dom1
cn=user12,ou=anotherou,dc=dom1
cn=user13,ou=anotherou,dc=dom1

cn=user21,ou=anotherou,dc=dom2
cn=user22,ou=anotherou,dc=dom2
cn=user23,ou=anotherou,dc=dom2

The questions:

1. Test user's credentials

How can I do an LDAP bind to test credentials for users of dom2? I tried to bind as usual but I cannot authenticate users of dom2, even if I connect over LDAPS. Is there any trick? Special permissions to set?

2. Search and display users from the group.

How can I retrieve detailed information about the users of dom1 and dom2 using an LDAP(S) connection to the AD of dom1?

I have a technical user which has rights to browse both domains.

I'm able to see 6 entries in the group with the following filter:

(&(memberOf=cn=group1,ou=someou,dc=dom1)(|(objectClass=user)(objectClass=foreignSecurityPrincipal)))

but the users from the other domain are seen as

cn=...(some key)...,cn=foreignSecurityPrincipal,dc=dom1

Java hints would be better.

Thanks a lot!
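
For question 2: in Active Directory the cn of a foreignSecurityPrincipal entry is the SID string of the account in the trusted domain, so the user's details can be read with a second search in dom2 on objectSid. The Java below is an added example, not part of the original post; the class and method names and the sample SID are made up for illustration.

```java
import java.nio.ByteBuffer;
import java.nio.ByteOrder;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;

public class FspResolver {
    // The leftmost RDN (cn) of a foreignSecurityPrincipal entry is the SID string.
    static String sidFromFspDn(String dn) throws InvalidNameException {
        LdapName name = new LdapName(dn);
        String cn = name.getRdn(name.size() - 1).getValue().toString();
        if (!cn.matches("S-1-\\d+(-\\d+){1,15}")) {
            throw new IllegalArgumentException("cn is not a SID: " + cn);
        }
        return cn;
    }

    // Binary SID: revision, count, 48-bit big-endian authority, 32-bit little-endian sub-authorities.
    static byte[] sidToBytes(String sid) {
        String[] p = sid.split("-");
        int subCount = p.length - 3;
        ByteBuffer buf = ByteBuffer.allocate(8 + 4 * subCount);
        buf.put((byte) Integer.parseInt(p[1])).put((byte) subCount);
        long authority = Long.parseLong(p[2]);
        for (int shift = 40; shift >= 0; shift -= 8) {
            buf.put((byte) (authority >> shift));
        }
        buf.order(ByteOrder.LITTLE_ENDIAN);
        for (int i = 3; i < p.length; i++) {
            buf.putInt((int) Long.parseLong(p[i]));
        }
        return buf.array();
    }

    // Filter for the search in dom2; every byte is escaped as \xx.
    static String objectSidFilter(String sid) {
        StringBuilder f = new StringBuilder("(&(objectClass=user)(objectSid=");
        for (byte b : sidToBytes(sid)) {
            f.append(String.format("\\%02x", b));
        }
        return f.append("))").toString();
    }

    public static void main(String[] args) throws InvalidNameException {
        // Constructed DN: the SID is made up, the container is as written in the question.
        String sid = sidFromFspDn("cn=S-1-5-21-1004336348-1177238915-682003330-1107,"
                + "cn=foreignSecurityPrincipal,dc=dom1");
        System.out.println(sid + " -> " + objectSidFilter(sid));
    }
}
```

The resulting filter is meant for a search with its base in dc=dom2, run against a dom2 domain controller with the technical account that can browse both domains.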

A: 

Did you find any answer to these questions? I am facing the same problem. Thanks! Jean

Jean Trepanier

A: 

I also have the same issue. For a given user A of Domain A, with trusted relationships between Domain A and Domain B, how can I see which groups in Domain B user A belongs to? Without searching all groups in Domain B?

webhead