Great, thanks! Regarding GC: we have a customer who has trusts to other ADs and had the requirement to authenticate against all of them and it only worked when using the Global Catalog and not specifying a BaseDN, maybe because it is different for each for the trusted ADs and so the users would be excluded from the results.
As I've created this config years ago I don't remember the details but it's still running fine. Best regards, Alex On 2015-12-22 22:08, Heikki Vatiainen wrote: > On 12/20/2015 09:49 PM, Hartmaier Alexander wrote: > >> @Heikki: could you add a section in the AuthBy LDAP2 which covers the >> topic Microsoft Active Directory? > I've made a ticket for this including these: > - Global catalog ports > - ServerChecksPassword - can't get user credentials from AD > - AttrsWithBaseScope - for AD constructed attributes e.g., tokenGroups > for getting group and nested group membership information > - Differences with non-AD LDAP servers - anything else than the above? > > One thing I'd like to ask you about Global Catalog: If the Base DN is > not empty, does it affect the search results? You wrote that it should > be left empty, however, I so far I have thought it's fine to specify a > Base DN. > > See for example this doc, and search for 'non-instantiated'. As I > understand it, it says base DN that is empty or anything else is fine. > > https://technet.microsoft.com/en-us/library/how-global-catalog-servers-work(v=ws.10).aspx > > Thanks, > Heikki > *"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"* T-Systems Austria GesmbH Rennweg 97-99, 1030 Wien Handelsgericht Wien, FN 79340b *"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"* Notice: This e-mail contains information that is confidential and may be privileged. If you are not the intended recipient, please notify the sender and then delete this e-mail immediately. *"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"* _______________________________________________ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
