I'm using AD LDAP authentication on my applications (Redmine, pfSense, ESXi, etc.).
I recently successfully made a two-way trust relationship between my domain PARIS.france and a foreign domain BERLIN.germany. The domain trust relationship looks OK, DNS too, and I can browse each domain without issues.
The next step is to allow users from that domain to authenticate on my application. So I created a domain local group "application-access" in my AD PARIS.france, containing the users PARIS\Pierre and BERLIN\Otto.
But when I try to log in on a web application, only Pierre works. Otto can't authenticate.
When I look further, I see in my group that Pierre has a SamAccountName, but Otto is a special kind of object ("this object is just a placeholder for a user or group from a trusted external domain") and doesn't have such an attribute. I guess that's why it does not work? I can see the account in the ForeignSecurityPrincipal group.
Is what I want to achieve possible? Does it require a special LDAP query to be configured in the application?