I have an ACS v4.2 from which I try to access an ADS LDAP directory. When I use "CN=Users,DC=Domain,DC=com" as the baseDN for the users and the groups everything works as it should. When I change the base DN to "DC=Domain,DC=com" only, then the ACS is not able to find any users or groups. Even when trying to configure the group mappings he claims: "LDAP Server NOT reachable. Please check the configuration.". Using an LDAP browser I don't have any issues accessing the directory from the shorter baseDN.
Is this a v4.2 related problem or a general ACS problem?
The point is that I need to find users in different OU's, which are based directly under the domain name, so that I need to search for them starting from "DC=Domain,DC=com". I know that with "Generic LDAP" I can make severeal "Databsae Configurations" to resolve the issue with the OU's. But not with a "RSA SecurID Token and LDAP Group Mapping" setup. There is only possible to have one LDAP group mapping configuration.
Any input would be greatly appreciated.