|Applies To||RSA Product Set: Adaptive Authentication (OnPrem)|
RSA Product/Service Type: Adaptive Authentication (OnPrem)
RSA Version/Condition: 7.x
The customer is using Active Directory in the Production environment, and it is working as expected. They tried to use LDS in the QA environment. The Production environment uses a single domain for authentication, and the new environment needs to authenticate between two different domains.
Because AA cannot check two different domains, they decided to use LDS, which synchronizes objects from multiple domains into a single domain.
They are now migrating from two legacy domains into one new domain. The LDS instance contains objects from all three domains, and the objects can be queried as ‘user-proxy’ to authenticate properly; the ‘user’ object does not contain all the required attributes.
|Cause||An LDS instance with the specified configuration is not supported. The customer needs the same structure and the proper role with permission, as defined in the document, to access modules of AAOP.|
|Resolution||RSA Engineering suggests creating the same structure as described in the documentation to access LDAP.|
|Notes||LDAP integration in AAOP does not support multiple LDAP either.|