I have a question regarding authentication against multiple directories.
I have 3 user directories mapped to a domain, A, B and C, in the same order.
There are three users X, Y and Z present in user directories A, B and C respectively, with the same user id and password.
Now when user Y accesses the resource, which user directory will user Y be authenticated against?
I would really appreciate it if the reply gave a more detailed explanation of the answer.
The order of the user directory defines which directory the user is authenticated against first.
Let me know if that clarifies your question.
My query is more towards three different users present in three different directories.
Users X, Y and Z are present in the A, B and C directories respectively, and all three users have user id usr1 and password pwd11.
The order in which the user directory is present is A, B and C in the domain.
Now when user Y, who is present in directory B, tries to access the resource, it will be authenticated against user directory A first.
The user id with which Y has logged in is usr1 and the password is pwd11; the same user id and password are present in directory A, and this user Y is not present in directory A.
So how will authentication work here?
Please let me know if I have explained the query properly, or else I will try to reframe it accordingly.
If the user is found in a user store, it is authenticated against the same user directory.
So, as the user id for the user Y is found in user directory A, it will be authenticated against directory A.
Thank you for the response.
I understand that Y would be authenticated against directory A, but that should not be the case, as Y should only be authenticated against directory B. Can we rectify this behavior? Is there any way we can implement this solution so that user Y always authenticates against directory B?
Also, how would the authorization be handled for user Y? As the policy server would have the full user DN of Y, can it then only be authorized against directory B?
This looks like a misconfiguration to me.
The only way to avoid this is by configuring your directory such that the users are found in only one directory (may be possible by changing the search base/scope?).
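Added example, not part of the original thread and not the product's code: a small Python model of the first-match lookup described in the replies, with an audit that lists user ids visible in more than one directory. The directory layout, DNs, and the function names `authenticate` and `find_collisions` are assumptions made for illustration.

```python
import hmac
from collections import defaultdict

def _dir(name, person):
    # Constructed sample data: one person per directory, all sharing usr1/pwd11.
    base = f"dc={name.lower()},dc=example"
    return {"name": name, "search_base": base, "entries": [
        {"dn": f"cn={person},ou=people,{base}", "uid": "usr1", "password": "pwd11"}]}

# Search order as configured in the domain: A, then B, then C.
DIRECTORIES = [_dir("A", "X"), _dir("B", "Y"), _dir("C", "Z")]

def in_scope(directory, entry):
    """True if the entry's DN sits at or below the directory's search base."""
    dn, base = entry["dn"].lower(), directory["search_base"].lower()
    return dn == base or dn.endswith("," + base)

def search(directory, uid):
    """Entries in this directory that match the uid and fall inside the search base."""
    return [e for e in directory["entries"] if e["uid"] == uid and in_scope(directory, e)]

def authenticate(directories, uid, password):
    """The first directory that finds the uid decides the outcome (no fall-through)."""
    for d in directories:
        hits = search(d, uid)
        if hits:
            ok = hmac.compare_digest(hits[0]["password"], password)
            return {"directory": d["name"], "dn": hits[0]["dn"], "authenticated": ok}
    return {"directory": None, "dn": None, "authenticated": False}

def find_collisions(directories):
    """Map each uid that more than one directory would return to those directories."""
    seen = defaultdict(list)
    for d in directories:
        for uid in sorted({e["uid"] for e in d["entries"] if in_scope(d, e)}):
            seen[uid].append(d["name"])
    return {uid: names for uid, names in seen.items() if len(names) > 1}

if __name__ == "__main__":
    # Y logs in with usr1/pwd11 but is resolved to X's DN in directory A.
    print(authenticate(DIRECTORIES, "usr1", "pwd11"))
    # Audit: usr1 is ambiguous across A, B and C.
    print(find_collisions(DIRECTORIES))
```

In this model, narrowing a directory's search base changes which directory answers first, but usr1 stays ambiguous until only one directory returns it.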