[RADIATOR] AuthBy LDAP2 to AD

[Hartmaier Alexander]

Great, thanks!

Regarding GC: we have a customer who has trusts to other ADs and had the
requirement to authenticate against all of them and it only worked when
using the Global Catalog and not specifying a BaseDN, maybe because it
is different for each for the trusted ADs and so the users would be
excluded from the results.

As I've created this config years ago I don't remember the details but
it's still running fine.

Best regards, Alex

On 2015-12-22 22:08, Heikki Vatiainen wrote:
> On 12/20/2015 09:49 PM, Hartmaier Alexander wrote:
>
>> @Heikki: could you add a section in the AuthBy LDAP2 which covers the
>> topic Microsoft Active Directory?
> I've made a ticket for this including these:
> - Global catalog ports
> - ServerChecksPassword - can't get user credentials from AD
> - AttrsWithBaseScope - for AD constructed attributes e.g., tokenGroups
> for getting group and nested group membership information
> - Differences with non-AD LDAP servers - anything else than the above?
>
> One thing I'd like to ask you about Global Catalog: If the Base DN is
> not empty, does it affect the search results? You wrote that it should
> be left empty, however, I so far I have thought it's fine to specify a
> Base DN.
>
> See for example this doc, and search for 'non-instantiated'. As I
> understand it, it says base DN that is empty or anything else is fine.
>
> https://technet.microsoft.com/en-us/library/how-global-catalog-servers-work(v=ws.10).aspx
>
> Thanks,
> Heikki
>



*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*
T-Systems Austria GesmbH Rennweg 97-99, 1030 Wien
Handelsgericht Wien, FN 79340b
*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*
Notice: This e-mail contains information that is confidential and may be privileged.
If you are not the intended recipient, please notify the sender and then
delete this e-mail immediately.
*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*