I've tested that too. When set up to the parent, it wasn't authenticating users from the child domain.
From the sources I've seen that Jive first seeks the user, but when the user belongs to a child domain that is handled by a different server the LDAP answer is not the actual baseDN of the user but a referral. Jive then appends the baseDN from the config file again to this value and tries the authentication.
user DN is “cn=user name, cn=users, dc=child,dc=example,dc=com”.
baseDN in the config file is “dc=example,dc=com”
“dc=child,dc=example,dc=com” is handled by server.child.example.com.
The LdapManager.java:findUserDN(username) will return (instead of user DN) “ldap://server.child.domain:389/CN=User Name, CN=Users, dc=child, dc=example, dc=com”
then in checkAuthentication(userDN, password) in the same file we have env.put(Context.SECURITY_PRINCIPAL, userDN + "," + baseDN);
so the SECURITY_PRINCIPAL will be “ldap://server.child.domain:389/CN=User Name, CN=Users, dc=child, dc=example, dc=com,dc=example,dc=com”
There is no way the LDAP server will authenticate this.
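
Added example, not part of the original post and not Jive's own code: one way to build the bind principal so that a referral URL is split into server and full DN instead of having the baseDN appended a second time. The class, method names, the parent server URL, the password and the trusted-server list are assumptions made for illustration; the allowlist is there because the user's password is sent to whatever host the referral names.

```java
import java.util.Hashtable;
import java.util.Locale;
import java.util.Set;
import javax.naming.Context;

public class ReferralAwareBind {
    // Server to bind against and the complete DN to bind as (hypothetical type).
    record BindTarget(String providerUrl, String principal) {}

    // name is what the user search returned: a DN relative to baseDN, or an
    // absolute LDAP URL when the entry lives behind a referral.
    static BindTarget resolve(String name, String defaultUrl, String baseDN, Set<String> trusted) {
        String lower = name.toLowerCase(Locale.ROOT);
        if (!lower.startsWith("ldap://") && !lower.startsWith("ldaps://")) {
            return new BindTarget(defaultUrl, name + "," + baseDN); // normal case
        }
        int slash = name.indexOf('/', name.indexOf("://") + 3);
        if (slash < 0 || slash == name.length() - 1) {
            throw new IllegalArgumentException("referral carries no DN: " + name);
        }
        String server = name.substring(0, slash).toLowerCase(Locale.ROOT);
        // The password will be sent to this host, so only follow referrals
        // to servers the administrator has listed.
        if (!trusted.contains(server)) {
            throw new SecurityException("untrusted referral target: " + server);
        }
        // The URL already holds the full DN; appending baseDN would double it.
        // Assumes the DN is not percent-encoded, as in the value quoted above.
        return new BindTarget(server, name.substring(slash + 1));
    }

    // Environment for the authentication bind, using the resolved target.
    static Hashtable<String, String> bindEnv(BindTarget t, String password) {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, t.providerUrl());
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, t.principal());
        env.put(Context.SECURITY_CREDENTIALS, password);
        return env;
    }

    public static void main(String[] args) {
        String baseDN = "dc=example,dc=com";
        String parentUrl = "ldap://server.example.com:389"; // constructed value
        Set<String> trusted = Set.of("ldap://server.child.domain:389");
        String referral = "ldap://server.child.domain:389/CN=User Name, CN=Users, dc=child, dc=example, dc=com";
        System.out.println(resolve(referral, parentUrl, baseDN, trusted));
        System.out.println(resolve("cn=local user,cn=users", parentUrl, baseDN, trusted));
        // "secret" is a constructed password; prints the DN without a doubled baseDN.
        System.out.println(bindEnv(resolve(referral, parentUrl, baseDN, trusted), "secret").get(Context.SECURITY_PRINCIPAL));
    }
}
```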