000037551 - LDS LDAP not supported for Backoffice Authentication in RSA Adaptive Authentication (OnPrem)

Document created by RSA Customer Support Employee on Jun 4, 2019
Version 1

Article Content

Article Number: 000037551
Applies To:
RSA Product Set: Adaptive Authentication (OnPrem)
RSA Product/Service Type: Adaptive Authentication (OnPrem)
RSA Version/Condition: 7.x

The customer uses Active Directory in the Production environment, where authentication works as expected. They tried to use LDS in the QA environment. The Production environment uses a single domain for authentication, while the new environment needs to authenticate across two different domains.

Because AA cannot check two different domains, they decided to use LDS, which synchronizes objects from multiple domains into a single domain.

They are now migrating from two legacy domains into one new domain. The LDS instance contains objects from all three domains, and the objects can be queried as ‘user-proxy’ to authenticate properly; the ‘user’ object does not contain all the required attributes.

Cause: An LDS instance with the specified configuration is not supported. The customer needs the same structure and a proper role with permissions as defined in the document to access modules of AAOP.
Resolution: RSA Engineering suggests creating the same structure as described in the documentation to access LDAP.
Notes: LDAP integration in AAOP does not support multiple LDAP either.