
LDAP / Active directory


Users in Child Domains cannot log in

For starters I looked here: http://doc.tiki.org/LDAP+authentication#comments&highlight=Active%20Directory
This helped me successfully configure LDAP to work with my Active Directory, but here is my problem:

My company has 4 child domains (representing 4 remote offices) in addition to the parent domain set up in Active Directory.
So, it looks something like this:

Parent: domain.com (This is my Base DN)
Child1: remotesite1.domain.com
Child2: remotesite2.domain.com
Child3: remotesite3.domain.com
Child4: remotesite4.domain.com

Each child domain has users that are not present on the parent domain (Base DN), which is the main office.

Attached is a screenshot of the setup I currently have on my LDAP tab (without specifics).

Any user registered in the Active Directory parent domain (BASE DN) can log into the Tiki with no problem.

Any user who logs in from any of my child domains fails to log in with an "Invalid password" message. I can reset the password, triple check it's being entered in properly, and the result is ALWAYS the same.

I've researched this for days upon days, I've tried everything. The ONLY way I can get my users in my child domains to log in is if I completely reconfigure the LDAP tab to specifically point to the child domain. In which case the users from the parent domain cannot log in.

If I cannot get this to work, I will have to recommend we explore another solution.

PLEASE ADVISE.

United States

BellaVaude,

So far as I know, Tiki is not currently capable of authenticating against multiple domains (or multiple LDAP servers). The code could be modified to search, say, the global catalog for the user's DN and then authenticate against the corresponding domain, but this would be custom coding.

\\Greg
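
The lookup-then-bind flow described in the reply above, sketched in PHP as an added example (not Tiki's code and not part of the original thread). The global catalog host, the service account, and the assumption that each domain's DNS name resolves to a domain controller accepting LDAPS are hypothetical.

```php
<?php
// Added illustration, not Tiki code. Hosts and the service account are assumptions.
const GC_URI  = 'ldaps://gc.domain.com:3269';  // global catalog over TLS (hypothetical host)
const BASE_DN = 'DC=domain,DC=com';            // parent domain from the post
const SVC_DN  = 'CN=svc-tiki,CN=Users,DC=domain,DC=com'; // hypothetical read-only account

// "CN=x,OU=y,DC=remotesite1,DC=domain,DC=com" -> "remotesite1.domain.com"
function domainFromDn(string $dn): ?string
{
    if (!preg_match_all('/(?:^|,)\s*DC=([A-Za-z0-9-]+)/i', $dn, $m)) {
        return null;
    }
    return strtolower(implode('.', $m[1]));
}

function connect(string $uri)
{
    $c = ldap_connect($uri);
    ldap_set_option($c, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($c, LDAP_OPT_REFERRALS, 0); // do not chase referrals with our credentials
    return $c;
}

function authenticate(string $login, string $password, string $svcPassword): bool
{
    // A simple bind with an empty password can succeed as an unauthenticated bind.
    if ($login === '' || $password === '') {
        return false;
    }
    $gc = connect(GC_URI);
    if (!@ldap_bind($gc, SVC_DN, $svcPassword)) {
        return false;
    }
    // Escape the login so it cannot alter the search filter.
    $filter = '(&(objectCategory=person)(objectClass=user)(sAMAccountName='
            . ldap_escape($login, '', LDAP_ESCAPE_FILTER) . '))';
    $res = ldap_search($gc, BASE_DN, $filter, ['distinguishedName']);
    $entries = $res ? ldap_get_entries($gc, $res) : ['count' => 0];
    // sAMAccountName is unique only within one domain: refuse zero or ambiguous matches.
    $dn = $entries['count'] === 1 ? $entries[0]['dn'] : '';
    $domain = domainFromDn($dn);
    if ($domain === null) {
        return false;
    }
    // Bind as the user against their own domain; success means the password is valid.
    $dc = connect('ldaps://' . $domain . ':636');
    return @ldap_bind($dc, $dn, $password);
}
```

The global catalog is used only to locate the DN; the password check itself is the second bind against the user's own domain.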

