06-13-2017 04:28 AM
Hi,
I have a doubt about what information to put in the Admin DN field when we are defining an LDAP external identity store.
For example: the objects in the identity store are in the route: CN=NAC,DC=ds,DC=corp
Does the Admin DN account that I should put to configure and bind the connection mandatorily have to be an admin account of that domain, or could I put another account from another domain, as long as the user defined on the server has at least read privileges to get the groups and subjects?
With this configuration, the bind is successful. The question
Thanks and kind regards
06-13-2017 06:56 AM
It does not need to be an admin account. Since you're going against Active Directory, you don't need to spell out the full DN. You can specify domain\username as well.
06-13-2017 07:03 AM
Hi Viktor,
Thanks for your reply. So, as far as I understand you, I could put a username from another domain (different from ds.corp), in the form DOMAIN\username, if this username is allowed to ask the LDAP server and get the information.
Is that correct?
Thanks and regards
06-13-2017 07:22 AM
Yes, that's correct. I've seen some instances when you need to specify the domain even when you're querying the domain controller from that domain, so it's safest to specify the domain.