
For a system we are developing we have 2 domains, an internal and an external domain, with bi-directional trust between them. However the servers are only able to connect to their own DCs.

We have an application server on the internal domain which needs to use an LDAP query to gather a list of users from a group on the external domain. How do I go about writing an LDAP query that asks one DC to go ask another DC for a list of users?

I tried querying the internal DC with the same LDAP query I would use if it could hit the external DC directly, but this does not work. When I use Softerra LDAP Administrator I can view the full hierarchy of the internal domain, but despite the trust relationship between domains I am unable to see any of the external domain.

Any suggestions or help would be greatly appreciated

Adam

3 Answers


You need to use LDAP referrals.

https://www.rfc-editor.org/rfc/rfc4511#section-4.1.10

These can be configured within Active Directory using crossRef objects.

See:

http://support.microsoft.com/kb/241737

technet.microsoft.com/en-us/library/cc978014.aspx
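Following a referral means the client opens a second connection and re-issues the search, so the client side has a few things to get right. The following is an added example, not code from this answer, from Microsoft or from the RFC: it uses only the Python standard library, applies the RFC 4511 section 4.1.10 rules for progressing a search (the referral URL's DN, scope and filter override the original ones only when present; clients must not loop between servers) and adds one local policy, which is an assumption here: a referral is followed only if it points at a DC of one of the two trusting domains, because chasing a referral to any other host would send the application's bind credentials there. The domain names, host names and referral strings are constructed for illustration.

```python
"""Decide whether a referral returned by a DC is safe to follow.

Added example, not code from the answer above or from Microsoft. It
uses only the Python standard library and models the client-side
rules of RFC 4511 section 4.1.10 (inherit DN, scope and filter from
the original search when the referral URL omits them; never loop
between servers) plus one local policy: only chase referrals to DCs
of the two trusting domains. The domain names, host names and
referral strings are constructed for illustration.
"""
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple
from urllib.parse import unquote, urlsplit

# Local policy (assumption): the only servers we will ever bind to are
# DCs of the internal and external domains. A referral pointing anywhere
# else would make the client send its bind credentials to an unintended
# host, so it is ignored rather than followed.
TRUSTED_DOMAIN_SUFFIXES = (".internal.example", ".external.example")


@dataclass
class Referral:
    """The parts of an LDAP URL (RFC 4516) that matter for chasing."""
    scheme: str
    host: str
    port: int
    base_dn: Optional[str]      # None when the URL has no <dn> part
    attributes: List[str]
    scope: Optional[str]        # None when the URL has no <scope> part
    filter: Optional[str]       # None when the URL has no <filter> part


@dataclass
class SearchRequest:
    """The three fields of a search that a referral may override."""
    base_dn: str
    scope: str
    filter: str


def parse_ldap_url(url: str) -> Referral:
    """Parse ldap[s]://host[:port]/dn[?attrs[?scope[?filter]]]."""
    parts = urlsplit(url)
    if parts.scheme not in ("ldap", "ldaps"):
        raise ValueError(f"not an LDAP URL: {url!r}")
    if not parts.hostname:
        raise ValueError(f"referral without a host: {url!r}")
    port = parts.port or (636 if parts.scheme == "ldaps" else 389)
    base_dn = unquote(parts.path.lstrip("/")) or None
    # RFC 4516 separates attrs, scope and filter with '?'. urlsplit keeps
    # everything after the first '?' in .query, so split that ourselves.
    fields = parts.query.split("?") if parts.query else []

    def field(i: int) -> Optional[str]:
        return unquote(fields[i]) if len(fields) > i and fields[i] else None

    attrs = [a for a in (field(0) or "").split(",") if a]
    return Referral(parts.scheme, parts.hostname.lower(), port,
                    base_dn, attrs, field(1), field(2))


def next_request(ref: Referral, original: SearchRequest) -> SearchRequest:
    """Apply the RFC 4511 4.1.10 rules for progressing a search."""
    return SearchRequest(ref.base_dn or original.base_dn,
                         ref.scope or original.scope,
                         ref.filter or original.filter)


def is_trusted_host(host: str) -> bool:
    """Local allowlist: DCs of the two trusting domains only."""
    return host.endswith(TRUSTED_DOMAIN_SUFFIXES)


def choose_referral(referral_urls: List[str], original: SearchRequest,
                    visited: Set[str], max_hops: int = 3
                    ) -> Optional[Tuple[Referral, SearchRequest]]:
    """Pick the first referral that policy allows the client to follow.

    visited holds the hosts already contacted during this search; a
    referral back to one of them, or any referral once max_hops servers
    have been contacted, is refused so the client cannot loop.
    Returns None when no referral should be followed.
    """
    if len(visited) >= max_hops:
        return None
    for url in referral_urls:
        try:
            ref = parse_ldap_url(url)
        except ValueError:
            continue                      # malformed: skip, do not guess
        if ref.host in visited or not is_trusted_host(ref.host):
            continue
        return ref, next_request(ref, original)
    return None


if __name__ == "__main__":
    # Constructed scenario: the internal DC answered a search for members
    # of a group in the external domain with two referral URLs, one of
    # which points outside the trusted domains.
    original = SearchRequest(
        base_dn="DC=internal,DC=example", scope="sub",
        filter="(&(objectClass=user)(memberOf=CN=App Users,OU=Groups,"
               "DC=external,DC=example))")
    referrals = [
        "ldap://dc1.evil.example/DC=external,DC=example",
        "ldap://dc1.external.example/DC=external,DC=example??sub",
    ]
    print(choose_referral(referrals, original, visited={"dc1.internal.example"}))
```

The output of `choose_referral` is the host to connect to and the search to send there; the actual bind and search are left to whatever LDAP library the application uses. Keeping the allowlist and the hop limit outside that library is deliberate: most client libraries chase referrals automatically and silently, and that is exactly the behaviour you want to be explicit about when a DC in another domain is involved.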


I ran into the same problem and solved it with OpenLDAP and its meta backend:

http://linux.die.net/man/5/slapd-meta

Laurent Nominé

I'm not sure if this will help or not, as I don't write LDAP queries directly, but I have C# applications that run on an application server on our external domain that must query AD on our internal domain.

In order to get this to work, I explicitly provide the FQDN of an internal DC in my LDAP connection string:

LDAP://cross-domain-dc.mydomain.local/OU=…
Jay