I am working on a business requirement which involves anonymous authentication. CA documentation says that a guest user should be created in the user directory database and the same should be configured in the authentication scheme.
Now I have the following business case:
The domain using anonymous authentication has 3 user directories configured for authentication.
1. UD1 (LDAP): search in user branch 1, e.g. cn=ssousers,o=example,dc=company,dc=com
2. UD2 (LDAP): search in user branch 2, e.g. cn=corpusers,o=example,dc=company,dc=com
Now the following queries:
1. When we create the anon scheme and do a lookup, it gives an option to select a user directory. Let's say I select UD1 and locate the user in the cn=ssousers branch. So my auth scheme won't look up the user when the user is already authenticated from UD2.
Isn't it? So how should I use two user branches for the same resource to do anonymous authentication?
The same will be the case if I select UD2 to locate users. UD1 can't be used for authentication.
2. One possible solution I could think of was to create an anonymous user in "dc=company,dc=com" for both UDs to locate users. But the problem is about the UD configuration. The user directory lookup field is configured to look within the ssousers OR corpusers branch. Is there any way to control how user directories should search users?
So if I select "DN: cn=anonymous,dc=company,dc=com" in anonymous authentication, how should I authenticate a user from both UDs?
Let me know if anyone has suggestions.