LF Directory Server on DomainA. LF Server on DomainB. Two-way trust has been created. Identity provider has been created in LF Directory Server. We can add users from DomainB to LF Directory Server on DomainA. We can synchronize users on LF Directory Server from DomainA. Ports on LF Directory Server on DomainA are open (tested with Telnet from DomainA -- Ports 5048 and 5049).
Using the Windows client: When attempting to add an LF Directory Server user in LF Server on DomainB (Laserfiche Directory Accounts), we receive a "The security Identifier is not valid for Laserfiche [9048]" error. When searching for the user, we receive a "Server LDAP query could not be completed [9357]" error.
Using Web admin: When attempting to add the user, we receive a "Cannot connect to the Laserfiche Directory Server [9528]" error.
Event Viewer on LF Server on DomainB has multiple errors: Laserfiche Audit Service -- "Cannot connect to the Laserfiche Directory Service [9528]"
For our Identity Provider entry we have "Use the service account to query the directory server" set. Since the LFDS and LFServer are on different domains, don't we need to specify credentials for an account on the LFDS AD? If that is our issue, does this account need admin privs? Does the account need to be added to the DB security settings?