So, I have a setup with an AD and a eDirectory. The primary
authentication source is the AD, and Kerberos is enabled. I have around
1500 users in the AD and around 2700 in my eDirectory. What I want is
for AD to be the primary source, and if it is not possible to
authenticate the user with a Kerberos ticket(because he might not even
my present in AD), it should fallback to my eDirectory, and show the
good old Access Manager login screen, and authenticate the user again
the eDirectory instead of the AD. All the AD users are present in
eDirectory, but not the other way around. As far as I can see, this is
not done easily, or am I wrong?

Thanks in advance,


jacmarpet's Profile: https://forums.netiq.com/member.php?userid=415
View this thread: https://forums.netiq.com/showthread.php?t=49494