We're trying to transition to using Active Directory instead of
eDirectory for user authentication, but I haven't really found any solid
documentation on setting it up, so I'm running into a few issues.

The main one is that it seems like I need a server in each domain for
the lookup, or it won't authenticate users. So, even though a server in
domain A can see all the users in domain B, if I only have the server in
domain A in the server replicas, users in domain B can't authenticate.
Is that normal or am I missing something?

Second is that I'm unclear what rights are needed for a user to be the
admin user for LDAP lookup. Documentation says objectGUID and
sAMAccountName, but how to assign those rights seems unclear. Granted,
I'm not an expert on AD. In the meantime we've been using an admin user
to test things but would rather use a user that only has the necessary

This is using 3.0.4


jrozen2's Profile: http://forums.novell.com/member.php?userid=6418