AD LDS and Openfire - Centralize multiple domains

Hello,

I have AD-LDS running and I have successfully combined (2) active directory domains from different forests into a single AD-LDS instance using proxyUser as the attribute. These domains have a trust between them.

I want to add another domain, bringing the total consolidated domains to (3) total Active Directories…however, the 3rd domain does not have a trust. In fact, we only have access to the 3rd domain using LDAP or LDAPS, which I think should be good enough. I have successfully installed the configuration file for this directory, I have extended the schema and used schema-analyzer to make sure that there are no unknown properties in the target (AD-LDS) directory. HOWEVER…when I run the sync, I get a list of all objects in the directory being processed, ending with:

Ldap error occured. ldap_add_sW: Unwilling To Perform.

Extended Info: 000020E7: SvcErr: DSID-03152DB9, problem 5003 (WILL_NOT_PERFORM), data 1317

Ldap error occured. ldap_add_sW: Unwilling To Perform.

Extended Info: 000020E7: SvcErr: DSID-03152DB9, problem 5003 (WILL_NOT_PERFORM), data 1317

Research in some forums has suggested that this is because there is no reference to the SID referenced in the userProxy object because of a missing trust; trust the domain, and now there is a link that can be verified using the SID that it finds through the trust.

Has anyone ever used userProxy objects with OpenFire in AD-LDS and synced from domains that were not trusted?
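A quick way to test the "missing trust" theory before another sync run is to pull the source user's objectSid over plain LDAP and check whether the AD LDS host can translate that SID to an account, since that is the lookup a userProxy bind depends on. This is an added diagnostic, not part of the original post or of ADAMSync; the LDAP path, account name and credential prompt are placeholders.

```powershell
# Added diagnostic (not from the original post). Placeholders: $sourceLdap, $account.
# Run this on the AD LDS host, because SID resolution happens in that machine's
# security context, not in the source domain.
$sourceLdap = 'LDAP://dc.third-domain.example/DC=third-domain,DC=example'  # placeholder
$account    = 'jdoe'                                                          # placeholder

# No trust means the current logon cannot be used; bind with explicit source-domain credentials.
$cred = Get-Credential -Message 'Account in the source (untrusted) domain'
$root = New-Object System.DirectoryServices.DirectoryEntry(
    $sourceLdap, $cred.UserName, $cred.GetNetworkCredential().Password,
    [System.DirectoryServices.AuthenticationTypes]::Secure)

$searcher = New-Object System.DirectoryServices.DirectorySearcher($root)
$searcher.Filter = "(&(objectClass=user)(sAMAccountName=$account))"
$searcher.PropertiesToLoad.Add('objectSid') | Out-Null
$result = $searcher.FindOne()
if (-not $result) { throw "No user '$account' found under $sourceLdap" }

# objectSid comes back as a byte[]; rebuild it as a SecurityIdentifier (this is the value
# that ends up in the userProxy object's objectSid attribute).
$sidBytes = $result.Properties['objectSid'][0]
$sid = New-Object System.Security.Principal.SecurityIdentifier($sidBytes, 0)
"Source SID: $sid"

# Translate() asks the local security subsystem to resolve the SID to DOMAIN\name.
# That works only if this host has a trust path to the domain that issued the SID.
try {
    $nt = $sid.Translate([System.Security.Principal.NTAccount])
    "Resolvable from this host as: $nt (a trust path to the source domain exists)"
} catch [System.Security.Principal.IdentityNotMappedException] {
    "SID $sid cannot be resolved from this host: no trust path to the source domain."
}
```

If the SID translates, the trust theory is unlikely and the WILL_NOT_PERFORM needs another explanation; if it does not, the result is consistent with what the forums suggested.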