Solved

How possible is it to connect LDAP with two DC

Posted on 2011-09-21
6
399 Views
Last Modified: 2012-05-12
Dear Experts,

We have a library system called KOHA that uses ldap to connect to AC, only one server can be set on its ldap configuration to connect to active directory server.
We have two Active directory for different departments, how to make it to connect to both servers, is it done through windows, or has to be through LDAP

thanks
0
Comment
Question by:uknet80
  • 2
  • 2
  • 2
6 Comments
 
LVL 18

Accepted Solution

by:
x-men earned 167 total points
ID: 36572467
if there are 2 distinct ADs, you'll need 2 connections because the root of the LDAP path is diferent
0
 
LVL 18

Expert Comment

by:x-men
ID: 36572476
If there is a trust relation between the domains, connect ot the one that is trusted by the other
0
 
LVL 13

Assisted Solution

by:khairil
khairil earned 333 total points
ID: 36572514
Hi,

If the domain is in same forest then make them both GC (global catalog).
0
Backup Your Microsoft Windows Server®

Backup all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

 

Author Comment

by:uknet80
ID: 36579521
Although I am not so familiar with windows trust relation, I would say there is trust between both servers as from one server I can connect to other AD.

If there is trust relation between both active directory A and B, and can connect from server A to B, then if I specify under LDAP client only Server A setting I should be able to connect to Active directory users on B Server.  Is that correct?



0
 
LVL 13

Assisted Solution

by:khairil
khairil earned 333 total points
ID: 36581595
It still depend on how the client try to connect, having trust will make the authentication request some sort like "redirect" to other server.

But chaging the AD infra comes with risk, BIG RISK, in some situation it will break other things. It is better for you to change the KOHA checkpw class and extend the KOHA config for second LDAP (You can also hard coded the checkpw class).

This article is on KOHA problem with CN, you must repeat line 21 to 99 for different LDAP servers. This require you to have some PHP programming skill.

Other way to do is using LDAP proxy with multi sources, here is something on it, http://www.novell.com/communities/node/8637/ldap-proxy-server-multiple-sources and here is how on KOHA with LDAP proxy (you still need a lot of modification to do), http://blog.rot13.org/2009/03/virtual_ldap_rewrite_or_augment_data_on_the_fly.html

If you ask me what I will do? I cannot do Perl, and most likely I will chose to modified the calss.
0
 

Author Closing Comment

by:uknet80
ID: 36889988
it look a bit complicated but I will go through it,
thanks
0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

Hi, in this article I'm going to teach you how to run your own site, and how to let people in (without IP). I'll talk about and explain each step... :) By the way, everything in this Tutorial is completely free and legal. This article is for …
Periodically we have to update or add SSL certificates for customers. Depending upon your hosting plan you may be responsible for the installation and/or key generation. In the wake of Heartbleed many sites were forced to re-key. We will concen…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now