IGC authentication through LDAP failed multiple domains

A forum for discussing DataStage<sup>®</sup> basics. If you're not sure where your question goes, start here.

Moderators: chulett, rschirm, roy

Post Reply
metadatamen
Premium Member
Premium Member
Posts: 42
Joined: Wed Oct 26, 2016 8:38 am

IGC authentication through LDAP failed multiple domains

Post by metadatamen »

Hi,

We have setup IGC/Service-tier to connect to Windows Active Directory through LDAP. The AD forest has multiple subdomains.
A normal user have one unique ID/account across the AD forest (that is, no same user appears in more than one AD subdomain) and authentication into IGC was successful.

We have some users who's same ID is under two of the subdomains, and they are encountering authentication error. I do see the user is listed twice under Admin Console page.

Therefore, I'm wondering if IGC/Service-tier somehow "flattens" the user ID (USER@REALM becomes USER) during the authentication through LDAP ?

I'm guessing maybe IGC/service-tier picks the user at REALM_1 from LDAP search to authenticate, but the user is entering password for REALM_2.

Thanks,
ray.wurlod
Participant
Posts: 54607
Joined: Wed Oct 23, 2002 10:52 pm
Location: Sydney, Australia
Contact:

Post by ray.wurlod »

You might consider specifying a Bind DN so that the search in AD is constrained only to REALM1 (or to REALM2).
IBM Software Services Group
Any contribution to this forum is my own opinion and does not necessarily reflect any position that IBM may hold.
Post Reply