We’re experiencing an issue with the Auth0 LDAP Connector when attempting to authenticate users from a child domain within the same Active Directory forest.
We have a forest with multiple domains:
- Parent domain: example.com
- Child domain: ua.example.com
- The LDAP Connector is installed on a server in the parent domain, and is configured with the following:
  - LDAP_URL: ldaps://DCCE01.example.com:3269
  - LDAP_BASE: DC=example,DC=com
  - username_field: userPrincipalName
- The domain controller (DCCE01) is a Global Catalog (verified via PowerShell and GUI).
- We use test89@ua.example.com as a test user. We verified via PowerShell (DirectorySearcher) that this user can be found using userPrincipalName.
Issue
Despite being searchable through LDAP using GC port 3269, the Auth0 LDAP Connector fails with:
user test89@ua.example.com: Authentication attempt failed. Reason: wrong username
Please help us determine why the connector is failing to authenticate users from a trusted child domain, even though they are present in the Global Catalog and searchable by userPrincipalName.
Would appreciate any insight, debug suggestions, or additional settings we may have missed.
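As an added diagnostic (example code, not the Auth0 connector's own), the script below performs a simple bind and the configured userPrincipalName lookup against the GC port over LDAPS with System.DirectoryServices.Protocols, then prints the DN, UPN and sAMAccountName that come back and whether the stored UPN matches the typed login exactly. The bind account name is an assumption; the host, port, base DN, attribute and test user are the values from the post.

```powershell
# Added diagnostic, not Auth0 connector code. Reproduces the configured search
# so the bind step and the user lookup can be checked separately.
Add-Type -AssemblyName System.DirectoryServices.Protocols

$LdapHost      = 'DCCE01.example.com'         # from the post
$LdapPort      = 3269                          # Global Catalog over LDAPS
$BaseDn        = 'DC=example,DC=com'           # LDAP_BASE from the post
$UsernameField = 'userPrincipalName'           # username_field from the post
$TestUser      = 'test89@ua.example.com'       # test user from the post
$BindUser      = 'svc-auth0@example.com'       # ASSUMPTION: the connector's bind account
$BindPassword  = Read-Host -AsSecureString 'Bind account password'

$id   = New-Object System.DirectoryServices.Protocols.LdapDirectoryIdentifier($LdapHost, $LdapPort, $false, $false)
$cred = New-Object System.Net.NetworkCredential($BindUser, $BindPassword)
$conn = New-Object System.DirectoryServices.Protocols.LdapConnection($id, $cred, [System.DirectoryServices.Protocols.AuthType]::Basic)
$conn.SessionOptions.SecureSocketLayer = $true
$conn.SessionOptions.ProtocolVersion   = 3
$conn.Bind()   # an exception here means TLS or the bind account, not the user lookup

function Get-Attr($entry, [string]$name) {
    # GC only carries the partial attribute set, so a missing attribute is possible
    if ($entry.Attributes.Contains($name)) { return [string]$entry.Attributes[$name][0] }
    return $null
}

function Find-User([string]$attr, [string]$value) {
    # Escape RFC 4515 special characters before placing the value in the filter
    $escaped = $value -replace '\\','\5c' -replace '\*','\2a' -replace '\(','\28' -replace '\)','\29'
    $filter  = "(&(objectClass=user)($attr=$escaped))"
    $req = New-Object System.DirectoryServices.Protocols.SearchRequest(
        $BaseDn, $filter, [System.DirectoryServices.Protocols.SearchScope]::Subtree,
        @('distinguishedName', 'userPrincipalName', 'sAMAccountName'))
    $resp = [System.DirectoryServices.Protocols.SearchResponse]$conn.SendRequest($req)
    return $resp.Entries
}

$entries = Find-User $UsernameField $TestUser
if ($entries.Count -ne 1) {
    Write-Warning "Expected exactly 1 entry for $UsernameField=$TestUser, got $($entries.Count)"
}
foreach ($e in $entries) {
    $upn = Get-Attr $e 'userPrincipalName'
    "DN              : $($e.DistinguishedName)"    # child-domain users show DC=ua,DC=example,DC=com
    "UPN             : $upn"
    "sAMAccountName  : $(Get-Attr $e 'sAMAccountName')"
    "UPN == login    : $($upn -eq $TestUser) (case-insensitive), $($upn -ceq $TestUser) (exact)"
}
$conn.Dispose()
```

If the bind succeeds and exactly one entry with the expected UPN is returned, the directory side matches the connector's configuration and the remaining difference lies in how the connector itself performs the lookup.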