Enable LDAP cross-forest search

Specify whether to allow the Centrify Agent to query trusted domains and forests for transitive trust information. If you enable this policy by selecting the LDAP Cross-Forest Search box, the agent generates a krb5.conf that includes information from all trusted forests and can be used to authenticate cross-forest users to Kerberos applications. If you disable this policy, the agent does not query external trusted domains or forests for information.

By default, the configuration parameter set by this policy is Enabled.

Querying external trusted forests can take a significant amount of time if the other forests are blocked by firewalls. You may want to set this parameter to false if your trust relationships, network topology, or firewalls are not configured properly for access.

This group policy modifies the adclient.ldap.trust.enabled setting in the agent configuration file.