Hello,
We have configured Active Directory services on a Windows 2008 R2 server. We are trying to authenticate an LDAP user from the client, but in the scenario below authorization is failing.
Cross-domain authorization using the Global Catalog server (GC port) fails:
Below is the AD configuration we have in our setup. We have a forest in which 3 domains were created, with 1 parent (abc.com) and 2 child domains (emea.abc.com, apac.abc.com). An LDAP user (UserA) and an LDAP group (Ldapgrp1) were created in the domain emea.abc.com. UserA was made a member of the Ldapgrp1 group.
We try cross-domain authentication by accessing apac.abc.com as UserA (emea.abc.com). We have also enabled the Global Catalog (GC port) on the parent domain (abc.com). LDAP authentication is passing but authorization is failing, which means the AD server is able to verify the user name and password but is not able to provide the details of the group in which UserA is present. Because of this, the LDAP client is not able to authorize UserA and it is failing.
For the above configuration and requirement, could you please let me know if this is a valid scenario that is supposed to work? If yes, please let us know if we need to make any changes to AD to make it work.