Hi, I'm trying to authenticate users via AD.
I have 2 forests, A.COM and B.ORG, which have a trust relationship between them. I can bind to A.COM and perform a search there, while B.ORG has all the users.
When a user requests to log in, I'm trying to connect to A.COM and search for this user inside B.ORG for authentication.
My current configuration is:

active_directory:
  ldap:
    order: 1
    domain_name: A.COM
    url: ["ldap://A_COM_IP_ADDRESS:389"]
    bind_dn: "BIND_DN"
    bind_password: "BIND_PW"
This config works for authentication within one forest, but fails in the cross-forest scenario. The log shows: authenticate failed (Caused by LDAPException(resultCode=49 (invalid credentials), diagnosticMessage='80090308: LdapErr: DSID-0C090400, comment: AcceptSecurityContext error, data 52e, v1db1^@', ldapSDKVersion=4.0.8, revision=28812
How can I achieve this implementation? Thanks.
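Added example, not part of the question above: a small Python helper that parses the Active Directory diagnosticMessage quoted in the log and decodes its `data` sub-code. The 80090308 prefix is SEC_E_INVALID_TOKEN and is the same for every AcceptSecurityContext failure; the informative part is the `data` field, which is a Win32 error code in hex. 52e is ERROR_LOGON_FAILURE (1326): the DC that received the bind did not accept the username/password pair. AD returns the same code for a wrong password and for a username it cannot resolve in the domain it was bound to, which is why, in a cross-forest setup, it is worth confirming which name form (short name or user@B.ORG UPN) the realm actually sent. The sample input is the message from the log above, embedded here as a constructed string (the trailing NUL is the `^@` shown in the log); the sub-code table is the well-known AD set.

```python
import re

# Constructed sample: the diagnosticMessage from the log line in the question.
SAMPLE = ("80090308: LdapErr: DSID-0C090400, comment: AcceptSecurityContext error, "
          "data 52e, v1db1\x00")

# AD sub-error codes carried in the "data NNN" field (Win32 error codes, hex).
AD_DATA_CODES = {
    "525": "user not found",
    "52e": "invalid credentials (wrong password, or a username the bound domain cannot resolve)",
    "530": "not permitted to log on at this time",
    "531": "not permitted to log on at this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}

# Codes that mean the name/password pair itself was rejected, as opposed to
# an account whose state (locked, expired, disabled) blocks an otherwise valid login.
CREDENTIAL_CODES = {"525", "52e"}

_PATTERN = re.compile(
    r"(?P<nt>[0-9A-Fa-f]{8}): LdapErr: DSID-(?P<dsid>[0-9A-Fa-f]+), "
    r"comment: (?P<comment>[^,]+), data (?P<data>[0-9A-Fa-f]+)"
)


def parse_ad_diagnostic(msg):
    """Parse an AD LDAP diagnosticMessage (or a log line containing one).

    Returns a dict with the NT status, DSID, comment, raw data code, its decimal
    Win32 value and a human-readable meaning, or None if the pattern is absent.
    """
    m = _PATTERN.search(msg)
    if not m:
        return None
    data = m.group("data").lower()
    return {
        "nt_status": m.group("nt").lower(),   # 80090308 = SEC_E_INVALID_TOKEN
        "dsid": m.group("dsid").upper(),      # internal AD source location, not user-actionable
        "comment": m.group("comment"),
        "data": data,
        "win32_error": int(data, 16),
        "meaning": AD_DATA_CODES.get(data, "unknown sub-error code"),
    }


def classify(parsed):
    """Coarse triage bucket for a parsed diagnostic: credential, account_state or unknown."""
    if parsed is None or parsed["data"] not in AD_DATA_CODES:
        return "unknown"
    return "credential" if parsed["data"] in CREDENTIAL_CODES else "account_state"


if __name__ == "__main__":
    info = parse_ad_diagnostic(SAMPLE)
    print(f"data {info['data']} (Win32 {info['win32_error']}): {info['meaning']}")
    print("bucket:", classify(info))
```

Run against a realm log, the `credential` bucket is the one where the next step is checking which username form reached the DC and whether the bind DN for searching is even involved (a 52e on the user's own bind is unrelated to the service account's password).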