I have a doubt about what information to put in the Admin DN field when we are defining an LDAP external identity store.
For example: the objects in the identity store are in the route: CN=NAC,DC=ds,DC=corp
Does the Admin DN account that I should put to configure and bind the connection mandatorily have to be an admin account of that domain, or could I put another account from another domain, where the user defined on the server has read privileges at least to get the groups and subjects?
With this configuration, the bind is successful. The question
Thanks and kind regards
It does not need to be an admin account. Since you're going against Active Directory, you don't need to spell out the full DN. You can specify domain\username as well.
Thanks for your reply. So, as far as I understand you, I could put a username from another domain (different from ds.corp), in the form DOMAIN\username, if this username is allowed to ask the LDAP server and get the information.
Is that correct?
Thanks and regards