LDAP authentication over AD trust

  • Question

  • Hi!

    I am interested in whether there is a way to run an LDAP query against domain1.local to authenticate a user from domain2.local. The two domains are in a two-way trust.

    We have this configuration: two Active Directory forests (one domain in each forest; Windows Server 2019; forest functional level: 2016) with a two-way transitive trust between them (for example, domain1.local and domain2.local). The trust between these domains is functioning well: we can grant permissions to users from one domain on resources in the other and vice versa. The domain controllers of both domains are in the same IP network and there is no firewall between them. Local firewalls on the DCs are disabled. In the future we will have more domains trusted by domain1.local, and we want to avoid establishing SSL connections (which require certificates) from Zimbra and SMG to those domains. Instead, we would like to connect only to domain1.local and authenticate users from the trusted domains (domain2.local and others in the future). So, we tried to connect from Zimbra and SMG to the LDAP server (domain controller) in domain1.local and authenticate a user from domain2.local over the trust. We can bind to the LDAP server, but user authentication fails. We can authenticate users from the domain1.local forest.

    In both domains, anonymous access is enabled.

    Do you have any suggestions on how to configure the LDAP options or the AD trust so that authentication succeeds in our configuration?

    Monday, October 5, 2020 11:37 AM