K2 Underground » K2.net 2003 Forums » K2.net 2003 Solutions » Domain Trust
Domain Trust

Last post 05-09-2008, 1:41 PM by johnny. 7 replies.
Sort Posts: Previous Next

  •  05-07-2008, 8:59 AM 23669

    Domain Trust

    In service manager I canĀ“t access the users and groups of a foreign domain using a Inbound Trusted Relationship. 
     
    Filed under: ,

  •  05-07-2008, 10:55 AM 23675 in reply to 23669

    Re: Domain Trust

    Did you modify the K2Server.config to add the foreign domain as a data source?

    See http://k2underground.com/forums/thread/7349.aspx

  •  05-07-2008, 11:41 AM 23682 in reply to 23675

    Re: Domain Trust

    In Sql Server I have a linked Server connected to the Active Directory and this query to the foreign Security Principals:

    SELECT Name, ADsPath, samAccountName, objectGUID, Manager
    FROM OPENQUERY(ADSI,
    'SELECT Name, ADsPath, samAccountName, objectGUID, Manager
    FROM ''LDAP://cn=ForeignSecurityPrincipals,DC=SG,DC=PCM,DC=GOV,DC=PT''
    ') AS Rowset_1

    Query Results records with the following format:
    Name: S-1-5-11
    ADsPath: LDAP://CN=S-1-5-11,CN=ForeignSecurityPrincipals,DC=sg,DC=pcm,DC=gov,DC=pt
    samAccountName: NULL
    objectGUID: 0x943F767C7855454F90B7663D5A900827
    Manager: NULL

    I updated the datasource in k2Server.Config with the trusted domain and restarted tehe service.

    In Service manager, I can get users and groups for the first domain, nothing for the second (trusted domain). What am I doing wrong?

  •  05-07-2008, 11:47 AM 23684 in reply to 23682

    Re: Domain Trust

    Do you have a copy of the DataSources XML tags configured in your K2Server.config?

    Also, is the foreign domain configured to trust the domain that your K2 Server belongs to?  This is required if the foreign domain is to allow queries from your K2 server.

  •  05-07-2008, 12:30 PM 23688 in reply to 23684

    Re: Domain Trust

    Yes, the foreign domain is trusted. Both Sharepoint 2007 and .Net applications can authenticate the trusted domain users.

    DataSources in  K2Server.Config:

     <DataSources>
        <DataSource Path="LDAP://DC=sg,DC=pcm,DC=gov,DC=pt" NetBiosName="SGPCM" Type="ActiveDirectory" />
        <DataSource Path="LDAP://cn=ForeignSecurityPrincipals,DC=SG,DC=PCM,DC=GOV,DC=PT" NetBiosName="RING" Type="ActiveDirectory" />
      </DataSources>

     the second datasource is the trusted domain. The first one works fine.

  •  05-08-2008, 2:04 PM 23721 in reply to 23688

    Re: Domain Trust

    Your second domain path doesn't look right.  I have not ever seen a domain path that contains a cn value.

    To verify this, you could download a LDAP browser tool from the web and double check that you can connect to this path.

  •  05-08-2008, 3:13 PM 23726 in reply to 23721

    Re: Domain Trust

    I'll try to find the correct path. Meanwhile, with the correct path, I think I will have another problem, the authentication for each domain is made with different users from each domain. How will k2 be able to authenticate users or access user information for both domains simultaneously?

  •  05-09-2008, 1:41 PM 23746 in reply to 23726

    Re: Domain Trust

    As long as you have the proper LDAP datasource configured correctly in your K2Server.config file and also the proper 2-way transitive trust relationship between domains.  It should work for users in both domains.
View as RSS news feed in XML