I found a problem with integrating OnDemand with Microsoft AD. My scenario is described below.
- ARS_LDAP_BIND_DN is CN=cmod,OU=Service Accounts,OU=Admins,DC=mycompany,DC=com
- ARS_LDAP_BASE_DN is DC=mycompany,DC=com
- My users are in OU=Users,OU=IT,OU=mydepartment,DC=mycompany,DC=com
When I add user "user01" to OnDemand, this user is located at "CN=user01,OU=Users,OU=IT,OU=mydepartment,DC=mycompany,DC=com".
This user cannot authenticate with AD. (I cannot log on with either the local OnDemand password or the AD password.)
But if I add user cmod (the same user used to bind to LDAP) to OnDemand, I can authenticate with AD.
What I think is that OnDemand cannot access user01 across a different subtree from the one where the bind user (User: cmod) is located.
How can I set this up so that I can authenticate against both base "OU=Users,OU=IT,OU=mydepartment,DC=mycompany,DC=com" and "OU=Service Accounts,OU=Admins,DC=mycompany,DC=com"?