2 Replies Latest reply on Apr 14, 2020 3:23 AM by Bernard Stern

    Microsoft AD LDAP integration - multiple domains

    Mark Lemar

      I'm looking to integrate BMC Discovery 11.3.0.5 with an MS AD LDAP implementation.

       

      This would be with a view to authenticating & authorizing users from multiple, trusted global domains.  I understand this may be an issue as per the following?

       

      ADDM: Can you configure LDAP to authorize users from multiple domains, or all users from the root domain?

       

      ADDM: Allow for multiple LDAP configurations

       

      However, through my testing, I have had some success in verifying access for users with accounts in different trusted domains, by using a Search Template in the following format:

       

      (|(userPrincipalName=%(username)s@nam.globaldomain.biz.com)(userPrincipalName=%(username)s@emea.globaldomain.biz.com) (userPrincipalName=%(username)s@apac.globaldomain.biz.com))

       

      Questions

      Are there any limitations in using a Search Template format such as this, i.e. is there a field character limitation?

      Is there a variable/wildcard which could be used in place of the respective regional domain names?

      Are the domains searched in a particular order (left to right)?
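
An added example, not part of the original post and not BMC Discovery code: it generates the post's Search Template from a list of UPN suffixes, reports its length, and expands it for a login name with RFC 4515 escaping so the result stays a single OR filter with one clause per suffix. It assumes `%(username)s` is filled in by Python-style mapping substitution; the function names and the sample login names are constructed for illustration.

```python
# Added example: build and expand a multi-domain userPrincipalName template.
# Assumption: %(username)s is filled in by Python-style mapping substitution.

# UPN suffixes taken from the Search Template in the post.
UPN_SUFFIXES = [
    "nam.globaldomain.biz.com",
    "emea.globaldomain.biz.com",
    "apac.globaldomain.biz.com",
]

# RFC 4515: characters that must be escaped inside a filter assertion value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Escape a user-supplied string for use as an LDAP filter value."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_search_template(suffixes):
    """Return one OR filter with a userPrincipalName clause per suffix."""
    clauses = "".join("(userPrincipalName=%(username)s@" + s + ")" for s in suffixes)
    return "(|" + clauses + ")"


def expand(template, username):
    """Substitute the escaped login name into the template."""
    return template % {"username": escape_filter_value(username)}


def top_level_clauses(ldap_filter):
    """Count the clauses directly under the outer (|...) of a filter."""
    depth = count = 0
    for ch in ldap_filter:
        if ch == "(":
            depth += 1
            count += depth == 2
        elif ch == ")":
            depth -= 1
    return count


if __name__ == "__main__":
    template = build_search_template(UPN_SUFFIXES)
    print("template length:", len(template))
    # Constructed login names: one ordinary, one with filter metacharacters.
    for name in ("jsmith", "jsmith)(objectClass=*"):
        result = expand(template, name)
        print(top_level_clauses(result), result)
```

The expanded filter is sent to the directory as one OR expression, so the clause count should always equal the number of suffixes in the list.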