I have two realms, A and B. In this case, realm A is Resolver LDAP and B is Resolver AD. When I try to authenticate, “POST /validate/check” always checks realm A, that's why I cannot log in. So how do I configure a policy that allows checking more than one realm?
Can anyone help me? Thank you so much!
There is only one default realm. If you only specify the username, this user will be looked up in this default realm. Obviously your default realm is realm A.
Read this about the concepts of realms: https://privacyidea.readthedocs.io/en/latest/configuration/realms.html
How about two resolvers in one realm? Even when I put 2 resolvers, LDAP and AD, into one realm and then set the priority, “POST /validate/check” also only checks the top priority.
Explain in more detail the configuration of your resolvers.
What do you mean by this? Explain in more detail.
I mean, I have a realm A, and realm A has two resolvers, LDAP and AD, with LDAP set to priority 1 and AD to 2. When I use a user from resolver AD for VPN, I cannot log in. “POST /validate/check” always checks the resolver with the highest priority.
Did you read the link about realms and user resolving I posted earlier?
In there you will learn that resolving works this way: privacyIDEA first tries to find the user in the first resolver. If it finds the user there, it will not look for the user in the 2nd resolver.
So everything works as designed. Or you need to provide more info.
I got it, thank you so much!
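
The lookup order discussed in this thread, as an added example that is not part of the original posts and is not privacyIDEA's own code: a simplified model of default-realm fallback and first-match resolver priority. The class names, the `resolve` helper, its `realm` argument and the sample users are constructed for illustration, and the model assumes the lower priority number is consulted first, as in the setup described above.

```python
# Simplified model of the lookup order described in the thread.
# Not privacyIDEA code: all names and data here are constructed.
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Resolver:
    name: str
    users: set


@dataclass
class Realm:
    name: str
    # (priority, resolver) pairs; assumption: lower number is consulted first
    resolvers: list = field(default_factory=list)

    def find(self, login: str) -> Optional[str]:
        for _, resolver in sorted(self.resolvers, key=lambda pr: pr[0]):
            if login in resolver.users:
                return resolver.name  # first hit wins, later resolvers are skipped
        return None


def resolve(realms, default_realm, login, realm=None):
    """Return (realm, resolver) that would own this login, or None."""
    realm_name = realm or default_realm  # no realm given: default realm only
    target = realms.get(realm_name)
    if target is None:
        return None
    resolver = target.find(login)
    return (realm_name, resolver) if resolver else None


# Constructed sample directories; "bob" exists in both.
ldap = Resolver("LDAP", {"alice", "bob"})
ad = Resolver("AD", {"bob", "carol"})

# Setup 1 from the thread: one resolver per realm, realm A is the default.
two_realms = {"A": Realm("A", [(1, ldap)]), "B": Realm("B", [(1, ad)])}
# Setup 2 from the thread: both resolvers in realm A, LDAP priority 1, AD priority 2.
one_realm = {"A": Realm("A", [(1, ldap), (2, ad)])}

if __name__ == "__main__":
    print(resolve(two_realms, "A", "carol"))       # AD-only user, default realm
    print(resolve(one_realm, "A", "carol"))        # AD-only user, shared realm
    print(resolve(one_realm, "A", "bob"))          # duplicate login name
```

In this model an AD-only user in a shared realm is still found, while a login name that exists in both directories is shadowed by the higher-priority resolver, so the AD account with that name is never the one being checked.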