In this environment, secured communication with the directory server is required. There is also a load balancer involved when communicating with Active Directory servers, so using Kerberos with Active Directory fails when pointing to AD through the load balancer. It works fine when we bypass the load balancer. The Search Filter used is able to pull all the desired users from a specific group I've set up.
Example that works when using AD with or w/o Kerberos authentication:
Base DN: nvolab.net
Relative Search DN:
Search Filter: (&(objectCategory=person)(memberOf=CN=Jabber,OU=GROUPS,DC=nvolab,DC=net))
This works fine. But when switching to LDAP it is able to communicate but the search filter doesn't pull any users.
I've tried variations on the search string of
None of them seem to be able to pull the user information when using LDAP.
Anyone know how this should be configured on TMS to properly pull the users that are members of the Jabber group in AD when using LDAP?
Ask your admins if it's possible to use a specific AD server for this task.
Also consider asking the load balancer vendor if he knows of such an issue and
possibly has a workaround.
Did you try it with some other LDAP tool to see if you succeed? If it's unencrypted, maybe
Wireshark can tell you more.
If you do not get a better answer here consider asking TAC, though I would say
this sounds like a 3rd party issue, so not sure what they would say, ...
They simply need to be able to use LDAP over SSL. Since LDAP with SSL works through the load balancer, and we know the load balancer breaks AD Kerberos but does not break unsecure AD, the only option for them is to use LDAP with SSL. This achieves the secure connection to AD through the load balancer. The only thing I need to figure out is the proper search string configuration to pull the users as stated above.
When using unsecure LDAP and grabbing the packets, I see the LDAP queries going to the DC and the DC returning a response. But no user information is contained, only 0 matches. So any help with the TMS configuration of LDAP will help immensely. This is mocked up in my lab for easy comparison.