Going to add my $0.02 here, but yes, AD is not LDAP. It looks like and behaves like LDAP in many cases, but it's the MS flavor, with many changes. AD and LDAP are not interchangeable... AD is its own creature.... I grow tired of explaining this... one is standards-based, the other is NOT....
On Apr 16, 2020, at 2:35 PM, Quanah Gibson-Mount quanah@symas.com wrote:
--On Thursday, April 16, 2020 2:10 PM +0000 "Kleber S. Carvalho" kleber.s.carvalho@avanade.com wrote:
First, we performed a valid test by performing authentication and a simple query directly to the minca.com domain, with the command:
ldapsearch -H 'ldap://minca.com:3268' -D 'cn=Administrator,cn=users,dc=minca,dc=com' -w 'Avanade@2020!' -b 'cn=users,dc=minca,dc=com'
However, when performing this procedure and authenticating the user minca@minca.com in the child.klabs.com domain using the ldapsearch tool, the result was an error, according to file 7_openldaperror_indirectaccess.JPG, stating invalid credentials.
Expected I would think, if using a simple bind.
However, a .NET application was created to perform this same function, and it worked, as per file 9_dotNetApp_success.JPG.
AD is not LDAP.
Finally, the conclusion we are reaching is that the OpenLDAP tool does not work directly between forests, but only on the same tree. We would like to know if this understanding is correct or if this is really a bug in the tool.
AD is not LDAP.
--Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
http://www.symas.com
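As an added example (not code from the thread or from OpenLDAP), here is a POSIX shell helper that builds the ldapsearch invocation both ways: the simple bind that worked inside minca.com, and the SASL/GSSAPI bind that Windows-native clients use across a forest trust. The password-file path, the base DN for child.klabs.com, and the assumption that the .NET app authenticated with Kerberos/Negotiate are mine, not stated in the thread.

```shell
#!/bin/sh
# Added example, not code from the thread. ad_search builds (and, unless
# AD_DRY_RUN is set, runs) an ldapsearch against an Active Directory host
# using either a simple bind or a SASL/GSSAPI (Kerberos) bind.
#
# ad_search MODE HOST BASE [BINDDN]
#   simple  bind with -D BINDDN; password read from a file via -y
#   gssapi  bind with the ticket from `kinit user@REALM` (no DN or password)
ad_search() {
  mode=$1; host=$2; base=$3; binddn=$4
  filter='(objectClass=user)'
  case $mode in
    simple)
      [ -n "$binddn" ] || { echo "simple bind needs a bind DN" >&2; return 2; }
      # -y keeps the password out of `ps` output and shell history, unlike
      # the -w PASSWORD form used in the thread. Port 3268 is the global
      # catalog, which answers for the whole forest (partial attribute set).
      set -- ldapsearch -x -H "ldap://$host:3268" -D "$binddn" \
        -y "${AD_PASS_FILE:-$HOME/.ad_pass}" -b "$base" "$filter" \
        sAMAccountName userPrincipalName
      ;;
    gssapi)
      # SASL/GSSAPI is what Windows-native clients (assumed here for the .NET
      # app in the thread) use across a forest trust: the DC validates a
      # Kerberos ticket instead of a DN from a naming context it does not hold.
      set -- ldapsearch -H "ldap://$host:3268" -Y GSSAPI -b "$base" "$filter" \
        sAMAccountName userPrincipalName
      ;;
    *)
      echo "usage: ad_search simple|gssapi HOST BASE [BINDDN]" >&2; return 2
      ;;
  esac
  if [ -n "$AD_DRY_RUN" ]; then printf '%s\n' "$@"; else "$@"; fi
}

# Demo with the names from the thread (constructed, not a live test):
# the simple bind that worked inside minca.com, and the GSSAPI bind to use
# against the other forest's DC after `kinit minca@MINCA.COM`.
AD_DRY_RUN=1 ad_search simple minca.com 'cn=users,dc=minca,dc=com' \
  'cn=Administrator,cn=users,dc=minca,dc=com'
AD_DRY_RUN=1 ad_search gssapi child.klabs.com 'dc=child,dc=klabs,dc=com'
```

Run it with AD_DRY_RUN unset, and with a ticket from kinit for the gssapi mode, to actually query the directory.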