LDAP auth with multiple Base DNs
I have successfully configured LDAP authentication against one subdomain of our Win2003 active directory. Are there any plans to support LDAP authentication against multiple subdomains? Our AD has a root domain, i.e. "mydomain.com" and below that root domain multiple subdomains, i.e. "emea.mydomain.com", "apac.mydomain.com" and "ncsa.mydomain.com". I have tried to set "mydomain.com" as the Base DN, but that doesn't find any user account.
-
-
Hi, this can be done, as we have a similar setup.
The trick is you need to use the Global Catalog. This basically entails using port 3268 as the LDAP port and you point your DN to root (mydomain.com).
The only issue we have had is, if you have the same login name in two different subdomains, it will fail on that login.Attached Files -
-
Thank you, Zaniwoop. I've added this useful info on the wiki page http://www.zabbix.com/wiki/howto/con...authenticationComment
-
If in organization using a mail system with AD Integration (Such as MS Exchange), you may use e-mail adres for authenticate users in zabbix:
Use a field "mail" instead of samaccountname, zabbix can authenticate users with same login names (e.g. [email protected] and [email protected]).
As for me - it a solution.
also we can use a field userPrincipalName (useful, if email addresses are not like domain names - e.g. [email protected] and [email protected])Comment
-
great idea!Comment
Comment