IGC authentication through LDAP failed multiple domains
Posted: Tue Sep 26, 2017 11:07 am
Hi,
We have set up IGC/Service-tier to connect to Windows Active Directory through LDAP. The AD forest has multiple subdomains.
A normal user has one unique ID/account across the AD forest (that is, no same user appears in more than one AD subdomain) and authentication into IGC was successful.
We have some users whose same ID is under two of the subdomains, and they are encountering an authentication error. I do see the user is listed twice under the Admin Console page.
Therefore, I'm wondering if IGC/Service-tier somehow "flattens" the user ID (USER@REALM becomes USER) during the authentication through LDAP?
I'm guessing maybe IGC/service-tier picks the user at REALM_1 from LDAP search to authenticate, but the user is entering password for REALM_2.
Thanks,
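
The failure mode guessed at in the post above, as an added example that is not part of the original post and is not IGC's own code: a search-then-bind login that drops the realm and takes the first match, next to a resolver that keeps the realm and refuses to guess. The in-memory directory, the `example.com` names, the passwords and all function names are constructed assumptions.

```python
# Constructed sample forest: the short ID "jdoe" exists in two subdomains.
# Plain-text passwords stand in for what a real LDAP bind would verify.
DIRECTORY = [
    {"dn": "CN=jdoe,OU=Users,DC=realm1,DC=example,DC=com", "sAMAccountName": "jdoe",
     "userPrincipalName": "jdoe@realm1.example.com", "password": "pw-realm1"},
    {"dn": "CN=jdoe,OU=Users,DC=realm2,DC=example,DC=com", "sAMAccountName": "jdoe",
     "userPrincipalName": "jdoe@realm2.example.com", "password": "pw-realm2"},
    {"dn": "CN=asmith,OU=Users,DC=realm1,DC=example,DC=com", "sAMAccountName": "asmith",
     "userPrincipalName": "asmith@realm1.example.com", "password": "pw-asmith"},
]

class AmbiguousUser(Exception):
    """Raised when a login name resolves to more than one directory entry."""

def search(attr, value):
    """Stand-in for an LDAP search across the whole forest."""
    return [e for e in DIRECTORY if e[attr].lower() == value.lower()]

def bind(entry, password):
    """Stand-in for an LDAP simple bind as the entry's DN."""
    return entry["password"] == password

def login_flattened(login, password):
    """Hypothesised behaviour: drop @REALM, take the first hit, bind as it."""
    short = login.split("@", 1)[0]
    matches = search("sAMAccountName", short)
    return bool(matches) and bind(matches[0], password)

def login_strict(login, password):
    """Keep the realm when supplied; reject a short ID that is not unique."""
    attr = "userPrincipalName" if "@" in login else "sAMAccountName"
    matches = search(attr, login)
    if len(matches) > 1:
        raise AmbiguousUser(f"{login!r} matches {len(matches)} entries")
    return len(matches) == 1 and bind(matches[0], password)

def duplicate_ids():
    """Short IDs present in more than one entry, mapped to their DNs."""
    seen = {}
    for e in DIRECTORY:
        seen.setdefault(e["sAMAccountName"].lower(), []).append(e["dn"])
    return {uid: dns for uid, dns in seen.items() if len(dns) > 1}

if __name__ == "__main__":
    print(login_flattened("jdoe@realm2.example.com", "pw-realm2"))
    print(login_strict("jdoe@realm2.example.com", "pw-realm2"))
    print(duplicate_ids())
```

`duplicate_ids()` is the audit view: any short ID it returns is one for which a first-match lookup can bind against the wrong subdomain's account.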