LDAP cross-forest authentication

Hi, I'm trying to authenticate users via AD.

I have 2 forests: A.COM and B.ORG which have a trust relationship between them. I can bind to A.COM and perform a search there while B.ORG has all the users.

When a user requests to log in, I'm trying to connect to A.COM and search for this user inside B.ORG for authentication.

My current configuration is

active_directory:
  ldap:
    order: 1
    domain_name: A.COM
    url: ["ldap://A_COM_IP_ADDRESS:389"]
    bind_dn: "BIND_DN"
    bind_password: "BIND_PW"

This config works for authentication within one forest, but fails in the cross-forest scenario. The log shows authenticate failed (Caused by LDAPException(resultCode=49 (invalid credentials), diagnosticMessage='80090308: LdapErr: DSID-0C090400, comment: AcceptSecurityContext error, data 52e, v1db1^@', ldapSDKVersion=4.0.8, revision=28812

How can I achieve this implementation? Thanks.
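One common arrangement for users whose accounts live in a second forest, shown here as an added example and not the poster's configuration or a confirmed fix for their setup: run one active_directory realm per forest, so that each realm's domain_name is the domain the user's account actually belongs to, and let the realm chain try them in order. This assumes the same named-realm syntax the post uses (placed under xpack.security.authc.realms), that both forests' domain controllers are reachable from the Elasticsearch node, and that B_ORG_IP_ADDRESS, the bind accounts and the base DNs are placeholders to be replaced.

```yaml
xpack.security.authc.realms:
  active_directory:
    forest_a:                       # realm for accounts in A.COM
      order: 1
      domain_name: A.COM
      url: ["ldap://A_COM_IP_ADDRESS:389"]
      bind_dn: "BIND_DN_A"            # placeholder: service account in A.COM
      bind_password: "BIND_PW_A"      # placeholder
      user_search.base_dn: "DC=A,DC=COM"
    forest_b:                       # realm for accounts in B.ORG
      order: 2
      domain_name: B.ORG
      url: ["ldap://B_ORG_IP_ADDRESS:389"]   # placeholder address of a B.ORG DC
      bind_dn: "BIND_DN_B"            # placeholder: service account in B.ORG
      bind_password: "BIND_PW_B"      # placeholder
      user_search.base_dn: "DC=B,DC=ORG"
```

The point of the split is that a simple bind is verified by the domain controller that receives it, so a realm whose domain_name and url both point at A.COM can only verify A.COM passwords. Two practical checks go with this: confirm with a plain LDAP client that the B.ORG service account can bind and search B.ORG directly before touching the realm config, and prefer ldaps (port 636) over ldap on 389, since a cleartext bind carries both the service account's and the user's password across the network.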
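The quoted error is an Active Directory bind failure wrapped in a generic LDAP result 49; the part that actually tells you why is the "data 52e" sub-code inside diagnosticMessage. The following decoder is an added example (not part of the original post or of Elasticsearch) that parses log lines of the shape shown above and maps the AD sub-code to its documented meaning, so failed binds can be triaged without guessing. The sample lines are constructed; the "^@" at the end of the message is how the NUL terminator shows up in the log.

```python
import re

# Constructed sample in the shape the poster quoted (Elasticsearch wrapping an
# UnboundID LDAPException); "^@" is a NUL byte rendered by the log viewer.
SAMPLE_LOG = (
    "authenticate failed (Caused by LDAPException(resultCode=49 (invalid credentials), "
    "diagnosticMessage='80090308: LdapErr: DSID-0C090400, comment: "
    "AcceptSecurityContext error, data 52e, v1db1^@', ldapSDKVersion=4.0.8, revision=28812"
)
# Second constructed line with a different sub-code, to show the mapping is not fixed.
SAMPLE_LOCKOUT = SAMPLE_LOG.replace("data 52e", "data 775")

# Documented AD sub-codes that accompany LDAP result 49 on a failed bind.
AD_BIND_SUBCODES = {
    "525": "user not found",
    "52e": "logon failure: unknown user name or bad password",
    "530": "not permitted to log on at this time",
    "531": "not permitted to log on at this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}

# Outer shape: resultCode=NN (name) ... diagnosticMessage='...'
RESULT_RE = re.compile(
    r"resultCode=(?P<code>\d+)\s*\((?P<name>[^)]*)\).*?diagnosticMessage='(?P<diag>[^']*)'",
    re.S,
)
# Inner AD shape: <8 hex digits>: LdapErr: DSID-<hex>, comment: ..., data <sub>, ...
DIAG_RE = re.compile(
    r"^(?P<hex>[0-9A-Fa-f]{8}):.*?DSID-(?P<dsid>[0-9A-Fa-f]+).*?\bdata\s+(?P<sub>[0-9A-Fa-f]+)\b",
    re.S,
)


def decode_bind_failure(line):
    """Return a dict of structured fields for an LDAP/AD bind failure, or None
    if the line does not carry an LDAPException with a diagnostic message."""
    m = RESULT_RE.search(line)
    if not m:
        return None
    # Strip the rendered NUL ("^@") and any literal NUL before parsing.
    diag = m.group("diag").replace("^@", "").replace("\x00", "").strip()
    out = {
        "result_code": int(m.group("code")),
        "result_name": m.group("name").strip(),
        "diagnostic": diag,
        "win32_error": None,
        "dsid": None,
        "data": None,
        "reason": None,
    }
    d = DIAG_RE.match(diag)
    if d:
        out["win32_error"] = d.group("hex").upper()
        out["dsid"] = d.group("dsid").upper()
        out["data"] = d.group("sub").lower()
        out["reason"] = AD_BIND_SUBCODES.get(out["data"], "unknown AD sub-code")
    return out


if __name__ == "__main__":
    for sample in (SAMPLE_LOG, SAMPLE_LOCKOUT):
        print(decode_bind_failure(sample))
```

Run over a log file, this separates "wrong password or account unknown to this DC" (52e, the case in the post) from lockouts, disabled accounts and expired passwords, which need different responses from whoever is on call; a burst of 52e for accounts that exist in another forest points at the realm binding against the wrong domain rather than at bad passwords.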
