Domain Trust


Badge +5
In Service Manager I can't access the users and groups of a foreign domain using an Inbound Trusted Relationship.
 

7 replies

Badge +9

Did you modify the K2Server.config to add the foreign domain as a data source?


See http://k2underground.com/forums/thread/7349.aspx

Badge +5

In SQL Server I have a linked server connected to Active Directory and this query against the foreign security principals:

SELECT Name, ADsPath, samAccountName, objectGUID, Manager
FROM OPENQUERY(ADSI,
'SELECT Name, ADsPath, samAccountName, objectGUID, Manager
FROM ''LDAP://cn=ForeignSecurityPrincipals,DC=SG,DC=PCM,DC=GOV,DC=PT''
') AS Rowset_1

The query returns records in the following format:
Name: S-1-5-11
ADsPath: LDAP://CN=S-1-5-11,CN=ForeignSecurityPrincipals,DC=sg,DC=pcm,DC=gov,DC=pt
samAccountName: NULL
objectGUID: 0x943F767C7855454F90B7663D5A900827
Manager: NULL


I updated the datasource in K2Server.config with the trusted domain and restarted the service.

In Service Manager, I can get users and groups for the first domain, nothing for the second (trusted domain). What am I doing wrong?

Badge +9

Do you have a copy of the DataSources XML tags configured in your K2Server.config?


Also, is the foreign domain configured to trust the domain that your K2 Server belongs to?  This is required if the foreign domain is to allow queries from your K2 server.

Badge +5

Yes, the foreign domain is trusted. Both SharePoint 2007 and .NET applications can authenticate the trusted domain users.


DataSources in K2Server.config:


<DataSources>
  <DataSource Path="LDAP://DC=sg,DC=pcm,DC=gov,DC=pt" NetBiosName="SGPCM" Type="ActiveDirectory" />
  <DataSource Path="LDAP://cn=ForeignSecurityPrincipals,DC=SG,DC=PCM,DC=GOV,DC=PT" NetBiosName="RING" Type="ActiveDirectory" />
</DataSources>


The second datasource is the trusted domain. The first one works fine.

Badge +9

Your second domain path doesn't look right.  I have not ever seen a domain path that contains a cn value.


To verify this, you could download an LDAP browser tool from the web and double check that you can connect to this path.
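
An added example, not part of the original thread and not K2 code: a short Python check run over the DataSources fragment posted above. It flags any Path that is not a bare DC=... domain root and any two entries that resolve to the same DNS domain under different NetBIOS names; the function names and finding labels are made up for this illustration.

```python
import xml.etree.ElementTree as ET

# DataSources fragment as posted in the thread (K2Server.config).
SAMPLE = """<DataSources>
  <DataSource Path="LDAP://DC=sg,DC=pcm,DC=gov,DC=pt" NetBiosName="SGPCM" Type="ActiveDirectory" />
  <DataSource Path="LDAP://cn=ForeignSecurityPrincipals,DC=SG,DC=PCM,DC=GOV,DC=PT" NetBiosName="RING" Type="ActiveDirectory" />
</DataSources>"""


def split_dn(path):
    """Split the DN of an LDAP:// path into (ATTR, value) pairs.

    Accepts LDAP://DN and LDAP://server/DN. Escaped commas inside
    values are not handled (assumption: simple DNs as in the thread).
    """
    rest = path.split("://", 1)[-1]
    head, sep, tail = rest.partition("/")
    dn = tail if sep and "=" not in head else rest
    rdns = []
    for part in dn.split(","):
        if part.strip():
            attr, _, value = part.partition("=")
            rdns.append((attr.strip().upper(), value.strip()))
    return rdns


def audit(xml_text):
    """Return (NetBiosName, finding, detail) tuples for suspect data sources."""
    findings = []
    seen = {}  # DNS domain -> NetBiosName of the first entry that used it
    for ds in ET.fromstring(xml_text).iter("DataSource"):
        name = ds.get("NetBiosName", "")
        rdns = split_dn(ds.get("Path", ""))
        domain = ".".join(v.lower() for a, v in rdns if a == "DC")
        extra = [f"{a}={v}" for a, v in rdns if a != "DC"]
        if extra:  # path points inside a domain, not at its root
            findings.append((name, "not-domain-root", ",".join(extra)))
        if domain in seen and seen[domain] != name:
            findings.append((name, "same-domain-as", seen[domain]))
        seen.setdefault(domain, name)
    return findings


if __name__ == "__main__":
    for name, finding, detail in audit(SAMPLE):
        print(f"{name}: {finding} ({detail})")
```

On the thread's configuration both findings land on RING: its path names the ForeignSecurityPrincipals container, which lives in the local sg.pcm.gov.pt domain and holds SID-named placeholder objects (such as the S-1-5-11 record in the query output), not the trusted domain's own directory.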

Badge +5

I'll try to find the correct path. Meanwhile, with the correct path, I think I will have another problem: the authentication for each domain is made with different users from each domain. How will K2 be able to authenticate users or access user information for both domains simultaneously?

Badge +9
As long as you have the proper LDAP datasource configured correctly in your K2Server.config file and also the proper 2-way transitive trust relationship between domains, it should work for users in both domains.
