How possible is it to connect LDAP with two DC

Posted on 2011-09-21
Last Modified: 2012-05-12
Dear Experts,

We have a library system called KOHA that uses ldap to connect to AC, only one server can be set on its ldap configuration to connect to active directory server.
We have two Active directory for different departments, how to make it to connect to both servers, is it done through windows, or has to be through LDAP

Question by:uknet80
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
  • 2
LVL 18

Accepted Solution

x-men earned 167 total points
ID: 36572467
if there are 2 distinct ADs, you'll need 2 connections because the root of the LDAP path is diferent
LVL 18

Expert Comment

ID: 36572476
If there is a trust relation between the domains, connect ot the one that is trusted by the other
LVL 13

Assisted Solution

khairil earned 333 total points
ID: 36572514

If the domain is in same forest then make them both GC (global catalog).
Online Training Solution

Drastically shorten your training time with WalkMe's advanced online training solution that Guides your trainees to action. Forget about retraining and skyrocket knowledge retention rates.


Author Comment

ID: 36579521
Although I am not so familiar with windows trust relation, I would say there is trust between both servers as from one server I can connect to other AD.

If there is trust relation between both active directory A and B, and can connect from server A to B, then if I specify under LDAP client only Server A setting I should be able to connect to Active directory users on B Server.  Is that correct?

LVL 13

Assisted Solution

khairil earned 333 total points
ID: 36581595
It still depend on how the client try to connect, having trust will make the authentication request some sort like "redirect" to other server.

But chaging the AD infra comes with risk, BIG RISK, in some situation it will break other things. It is better for you to change the KOHA checkpw class and extend the KOHA config for second LDAP (You can also hard coded the checkpw class).

This article is on KOHA problem with CN, you must repeat line 21 to 99 for different LDAP servers. This require you to have some PHP programming skill.

Other way to do is using LDAP proxy with multi sources, here is something on it, and here is how on KOHA with LDAP proxy (you still need a lot of modification to do), 

If you ask me what I will do? I cannot do Perl, and most likely I will chose to modified the calss.

Author Closing Comment

ID: 36889988
it look a bit complicated but I will go through it,

Featured Post

Portable, direct connect server access

The ATEN CV211 connects a laptop directly to any server allowing you instant access to perform data maintenance and local operations, for quick troubleshooting, updating, service and repair.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Always backup Domain, SYSVOL etc.using processes according to Microsoft Best Practices. This is meant as a disaster recovery process for small environments that did not implement backup processes and did not run a secondary domain controller that ne…
A hard and fast method for reducing Active Directory Administrators members.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question