Re: is the AD LDAP interface domain trust aware?



Absolutely, had AD/AM been around when I had to help those folks out, I definitely would have pushed for it.

--
Joe Richards Microsoft MVP Windows Server Directory Services
www.joeware.net


Joe Kaplan (MVP - ADSI) wrote:
This might also be the kind of thing that you could use ADAM and MIIS to support. Essentially, you build the forest you need for your Windows stuff, and then for your apps that need a flat namespace, you sync the appropriate goo to ADAM and do your authentication and authorization against it.

Using the GC first is probably better if it will work as it doesn't require any of that additional complexity, but I can definitely imagine some situations where using ADAM would make things much more simple (or even just "possible").

Joe K.


"Joe Richards [MVP]" <humorexpress@xxxxxxxxxxx> wrote in message news:O47RQnbSFHA.2136@xxxxxxxxxxxxxxxxxxxxxxx


WebSphere against a multidomain environment can be a pain in the ***. A couple of years ago I worked a little with integration analysts at a Fortune 5 company trying to do it.

Depending on the information you need to pull, you may be OK as long as you only let WebSphere hit Global Catalogs. Basically the info has to be in the GC. If the information is not in the GC, you will need to query a DC of the proper domain to get the information needed.

 joe

--
Joe Richards Microsoft MVP Windows Server Directory Services
www.joeware.net


David Burghgraeve wrote:

Hi there,

We're thinking out a concept for our company with forests and/or child-domains. We now have a single domain (internationally) for all of our client infrastructure needs. As we also incorporated our Linux WebSphere Java Applications in this same Active Directory Domain (Windows2003 NATIVE mode) with Authentication and authorisation through LDAP, we're now heading to a situation where our company growth & complexity doesn't match our "one domain security" setup anymore.


If I create a new domain beside or as a child domain (transitive trusts), can I use LDAP queries on this 2-domain situation on one domain controller (as LDAP config cannot choose its LDAP server, it is a fixed security config)?



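Added example, not part of the original thread and not code from any poster: a sketch of the routing rule described in the replies, where a lookup goes to a Global Catalog when every requested attribute is held there and otherwise to a DC of the domain named in the object's DN. The `GC_ATTRS` set, the host names and the sample DN are constructed assumptions; the function names are hypothetical.

```python
GC_PORT, LDAP_PORT = 3268, 389  # AD Global Catalog LDAP port, per-domain LDAP port

# Assumption: sample of attributes replicated to the GC; the real set is forest-specific.
GC_ATTRS = {"cn", "displayname", "mail", "samaccountname", "userprincipalname"}


def split_dn(dn):
    """Split a DN into RDNs, keeping backslash-escaped commas inside a value."""
    parts, cur, esc = [], "", False
    for ch in dn:
        if esc:
            cur, esc = cur + ch, False
        elif ch == "\\":
            cur, esc = cur + ch, True
        elif ch == ",":
            parts.append(cur.strip())
            cur = ""
        else:
            cur += ch
    parts.append(cur.strip())
    return parts


def domain_of(dn):
    """Build the DNS domain name from the DC= components of a DN."""
    labels = [r[3:] for r in split_dn(dn) if r[:3].upper() == "DC="]
    if not labels:
        raise ValueError("DN has no DC= components: " + dn)
    return ".".join(labels).lower()


def pick_server(dn, attrs, gc_host, dc_by_domain):
    """Return (host, port): the GC if it holds every attribute, else a DC of the DN's domain."""
    if {a.lower() for a in attrs} <= GC_ATTRS:
        return gc_host, GC_PORT
    domain = domain_of(dn)
    if domain not in dc_by_domain:
        # A client pinned to one fixed LDAP server ends up here for non-GC attributes.
        raise LookupError("no DC configured for " + domain)
    return dc_by_domain[domain], LDAP_PORT


if __name__ == "__main__":
    # Constructed sample DN and hosts.
    dn = "CN=Doe\\, Jane,OU=Staff,DC=emea,DC=corp,DC=example"
    dcs = {"emea.corp.example": "dc1.emea.corp.example"}
    print(pick_server(dn, ["mail"], "gc1.corp.example", dcs))
    print(pick_server(dn, ["department"], "gc1.corp.example", dcs))
```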