How possible is it to connect LDAP with two DC

Dear Experts,

We have a library system called KOHA that uses ldap to connect to AC, only one server can be set on its ldap configuration to connect to active directory server.
We have two Active directory for different departments, how to make it to connect to both servers, is it done through windows, or has to be through LDAP

thanks
uknet80Asked:
Who is Participating?
 
x-menConnect With a Mentor IT super heroCommented:
if there are 2 distinct ADs, you'll need 2 connections because the root of the LDAP path is diferent
0
 
x-menIT super heroCommented:
If there is a trust relation between the domains, connect ot the one that is trusted by the other
0
 
khairilConnect With a Mentor Commented:
Hi,

If the domain is in same forest then make them both GC (global catalog).
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 
uknet80Author Commented:
Although I am not so familiar with windows trust relation, I would say there is trust between both servers as from one server I can connect to other AD.

If there is trust relation between both active directory A and B, and can connect from server A to B, then if I specify under LDAP client only Server A setting I should be able to connect to Active directory users on B Server.  Is that correct?



0
 
khairilConnect With a Mentor Commented:
It still depend on how the client try to connect, having trust will make the authentication request some sort like "redirect" to other server.

But chaging the AD infra comes with risk, BIG RISK, in some situation it will break other things. It is better for you to change the KOHA checkpw class and extend the KOHA config for second LDAP (You can also hard coded the checkpw class).

This article is on KOHA problem with CN, you must repeat line 21 to 99 for different LDAP servers. This require you to have some PHP programming skill.

Other way to do is using LDAP proxy with multi sources, here is something on it, http://www.novell.com/communities/node/8637/ldap-proxy-server-multiple-sources and here is how on KOHA with LDAP proxy (you still need a lot of modification to do), http://blog.rot13.org/2009/03/virtual_ldap_rewrite_or_augment_data_on_the_fly.html 

If you ask me what I will do? I cannot do Perl, and most likely I will chose to modified the calss.
0
 
uknet80Author Commented:
it look a bit complicated but I will go through it,
thanks
0
All Courses

From novice to tech pro — start learning today.