User Search Order

The OS ESM module uses the Windows LogonUser function to verify a user's credentials (username and password), in the following manner:

  1. Try LogonUser with the username and password, and the domain parameter set to ".", which means to search the local system.
  2. If that fails, call LookupAccountName to try to find the domain in which the user is defined. According to Microsoft's documentation, this will first search well-known names, then local accounts, then the primary domain, then other trusted domains, and then (for Windows 2000 and later) the domain forest.
  3. If LookupAccountName succeeds, try LogonUser again with the domain returned by LookupAccountName.

If a user is defined in more than one place on that search list, the OS ESM module tries to authenticate the user only in the first one it finds. Normally this produces the expected behavior (much like logging on to Windows conventionally), but in a complex domain configuration it could produce confusing results.
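The following added example is a Python model of the three steps above, not the OS ESM module's code, and it calls no Windows API. It shows how a name defined in more than one store is only ever checked against the first store found. The store names, accounts and passwords are constructed sample data, and `logon_user`, `lookup_account_name`, `verify` and `shadowed_users` are hypothetical stand-ins.

```python
# Model of the search described above. Constructed data; no Windows API is called.
LOCAL = "."  # domain value the page gives for "search the local system"

# Stores in the order the page gives for LookupAccountName (names are assumptions).
SEARCH_ORDER = ["WELLKNOWN", "LOCALHOST", "PRIMARY", "TRUSTED", "FOREST"]
ACCOUNTS = {  # constructed sample accounts: store -> {user: password}
    "LOCALHOST": {"svcbatch": "local-pw", "alice": "alice-local-pw"},
    "PRIMARY": {"alice": "alice-domain-pw", "bob": "bob-pw"},
    "TRUSTED": {"bob": "bob-trusted-pw", "carol": "carol-pw"},
}

def logon_user(user, password, domain):
    """Stand-in for LogonUser: True only if this store holds user/password."""
    store = "LOCALHOST" if domain == LOCAL else domain
    return ACCOUNTS.get(store, {}).get(user) == password

def lookup_account_name(user):
    """Stand-in for LookupAccountName: first store that defines the name."""
    for store in SEARCH_ORDER:
        if user in ACCOUNTS.get(store, {}):
            return store
    return None

def verify(user, password):
    """Follow steps 1-3; return (authenticated, domains_tried)."""
    tried = [LOCAL]
    if logon_user(user, password, LOCAL):             # step 1
        return True, tried
    domain = lookup_account_name(user)                # step 2
    if domain is None:
        return False, tried
    tried.append(domain)
    return logon_user(user, password, domain), tried  # step 3

def shadowed_users():
    """Names defined in more than one store, listed in search order."""
    seen = {}
    for store in SEARCH_ORDER:
        for user in ACCOUNTS.get(store, {}):
            seen.setdefault(user, []).append(store)
    return {u: s for u, s in seen.items() if len(s) > 1}

if __name__ == "__main__":
    for user, pw in [("alice", "alice-domain-pw"), ("bob", "bob-trusted-pw"),
                     ("carol", "carol-pw")]:
        print(user, verify(user, pw))
    print("shadowed:", shadowed_users())
```

In this model, `alice` and `bob` present credentials that are valid in a later store but are rejected, because the only store tried after the local attempt is the first one that defines the name.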

Currently there is no provision for forcing a particular domain or changing the search order. Those options may be added in later releases.
