I have two domains domain1.corp.com and domain2.corp.com that share a trust relationship. I have a third party network access control system that periodically sniffs kerberos traffic to obtain user credentials and spot check/implement access rules on the connection. This tool does no authentication in and of itself, it merely passively sniffs traffic. It is only capable of defining a single LDAP source for its lookups.
I would like to query for account properties on domain2 via an LDAP query against domain1. Specifically, we interrogate the memberOf properties to look for specific network access groups. Is this possible without some sort of LDAP front end?