
Are there any limitations on using Active Directory as the LDAP server when configuring LDAP authentication?


Article ID: 54150




CA IT Asset Manager, CA Software Asset Manager (CA SAM), ASSET PORTFOLIO MGMT- SERVER, SUPPORT AUTOMATION- SERVER, CA Service Desk Manager - Unified Self Service, CA Service Desk Manager, CA Service Management - Asset Portfolio Management, CA Service Management - Service Desk Manager



CA Business Intelligence provides Active Directory authentication and LDAP authentication as separate options. This document explains the limitations of using Active Directory as an LDAP server instead of using Active Directory authentication.


The following limitations apply if LDAP is configured against Active Directory:

  1. You will be able to map your users; however, you will not be able to configure either single sign-on or single sign-on to the database.

  2. Users who are only members of default groups from AD (for example, the "domain users" group) will not be able to log in successfully. Users must also be a member of another explicitly created group in AD and, in addition, this group must be mapped.

  3. If a mapped domain local group contains a user from a different domain in the forest, that user will not be able to log in successfully.

  4. Users from a universal group from a domain different than the DC specified as the LDAP host will not be able to log in successfully.

It is recommended that Active Directory authentication be used rather than configuring AD with LDAP authentication.
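Where LDAP against Active Directory has to stay in place, limitations 2 to 4 above can be checked against a directory export before rollout. The following is an added example, not CA code: the domains, group names, users and the `Group`/`User`/`audit` helpers are all hypothetical, and limitation 4 is read as "the user's domain differs from the LDAP host's domain".

```python
from dataclasses import dataclass

LDAP_HOST_DOMAIN = "corp.example"   # constructed: domain of the DC used as LDAP host
DEFAULT_GROUPS = {"domain users"}   # default AD group named in the article

@dataclass(frozen=True)
class Group:
    name: str
    domain: str
    scope: str     # "global", "domain_local" or "universal"
    mapped: bool   # True if the group is mapped for LDAP authentication

@dataclass(frozen=True)
class User:
    name: str
    domain: str
    groups: tuple

def check_membership(user, group):
    """Return None if this membership allows login, else the reason it does not."""
    if group.name.lower() in DEFAULT_GROUPS:
        return "limitation 2: default group"
    if not group.mapped:
        return "limitation 2: group not mapped"
    if group.scope == "domain_local" and user.domain != group.domain:
        return "limitation 3: domain local group, user from another domain"
    # Assumption: limitation 4 compares the user's domain with the LDAP host's.
    if group.scope == "universal" and user.domain != LDAP_HOST_DOMAIN:
        return "limitation 4: universal group, user outside LDAP host domain"
    return None

def audit(users):
    """Map each user name to the reasons login would fail ([] = can log in)."""
    report = {}
    for user in users:
        reasons = [check_membership(user, g) for g in user.groups]
        usable = None in reasons   # at least one membership permits login
        report[user.name] = [] if usable else (
            sorted(set(reasons)) or ["no group membership"])
    return report

# Constructed sample directory export; every name here is hypothetical.
DU = Group("Domain Users", "corp.example", "global", False)
ANALYSTS = Group("BI-Analysts", "corp.example", "global", True)
LOCAL = Group("BI-Local", "corp.example", "domain_local", True)
UNIV = Group("BI-Universal", "corp.example", "universal", True)
SAMPLE_USERS = [User("alice", "corp.example", (DU, ANALYSTS)),
                User("bob", "corp.example", (DU,)),
                User("carol", "emea.corp.example", (LOCAL,)),
                User("dave", "emea.corp.example", (UNIV,))]
```

Calling `audit(SAMPLE_USERS)` returns an empty list for users with at least one usable membership and the blocking reasons for everyone else.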


Component: ARGIS