Highlighted
cadencep45
2 Iron

multi domain ldap question

I have the following config

LDAP domain A where unity array is proposed to lie.

LDAP domain B where a number of CIFS/unix users reside

Domain A has a one way trust to Domain B.

Can unity array join domain A but resolve users in domain B for file access ?

The reason for this are convoluted security issues, so saying simply join unity array to LDAP domain B will not fly

Tags (1)
0 Kudos
3 Replies
Rainer_EMC
5 Rhenium

Re: multi domain ldap question

I assume you really mean Active Directory domains since thats what we join - not LDAP domains

sure - as long as the trust is in the right direction

A one-way incoming trust allows users in your (trusted) domain to be authenticated in the other (trusting) domain, whereas a one-way outgoing trust allows users in the other (trusted) domain to be authenticated in your (trusting) domain.


more info available from Microsoft:


Trust Technologies: Domain and Forest Trusts | Microsoft Docs

cadencep45
2 Iron

Re: multi domain ldap question

so how can we do two things;

1. do a network capture of the user authentication to see what is happening when it denies access.

2. Is there a way of testing whether access is allowed/denied to a file and if denied where in the process it is denied like server_cifssupport <movername> --accessright ( yes I know its a VNX command )

0 Kudos
Rainer_EMC
5 Rhenium

Re: multi domain ldap question

sure -  similar command is available on Unity and called svc_cifssupport

0 Kudos