Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

How possible is it to connect LDAP with two DC

Posted on 2011-09-21
6
Medium Priority
?
407 Views
Last Modified: 2012-05-12
Dear Experts,

We have a library system called KOHA that uses ldap to connect to AC, only one server can be set on its ldap configuration to connect to active directory server.
We have two Active directory for different departments, how to make it to connect to both servers, is it done through windows, or has to be through LDAP

thanks
0
Comment
Question by:uknet80
  • 2
  • 2
  • 2
6 Comments
 
LVL 18

Accepted Solution

by:
x-men earned 668 total points
ID: 36572467
if there are 2 distinct ADs, you'll need 2 connections because the root of the LDAP path is diferent
0
 
LVL 18

Expert Comment

by:x-men
ID: 36572476
If there is a trust relation between the domains, connect ot the one that is trusted by the other
0
 
LVL 13

Assisted Solution

by:khairil
khairil earned 1332 total points
ID: 36572514
Hi,

If the domain is in same forest then make them both GC (global catalog).
0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

 

Author Comment

by:uknet80
ID: 36579521
Although I am not so familiar with windows trust relation, I would say there is trust between both servers as from one server I can connect to other AD.

If there is trust relation between both active directory A and B, and can connect from server A to B, then if I specify under LDAP client only Server A setting I should be able to connect to Active directory users on B Server.  Is that correct?



0
 
LVL 13

Assisted Solution

by:khairil
khairil earned 1332 total points
ID: 36581595
It still depend on how the client try to connect, having trust will make the authentication request some sort like "redirect" to other server.

But chaging the AD infra comes with risk, BIG RISK, in some situation it will break other things. It is better for you to change the KOHA checkpw class and extend the KOHA config for second LDAP (You can also hard coded the checkpw class).

This article is on KOHA problem with CN, you must repeat line 21 to 99 for different LDAP servers. This require you to have some PHP programming skill.

Other way to do is using LDAP proxy with multi sources, here is something on it, http://www.novell.com/communities/node/8637/ldap-proxy-server-multiple-sources and here is how on KOHA with LDAP proxy (you still need a lot of modification to do), http://blog.rot13.org/2009/03/virtual_ldap_rewrite_or_augment_data_on_the_fly.html 

If you ask me what I will do? I cannot do Perl, and most likely I will chose to modified the calss.
0
 

Author Closing Comment

by:uknet80
ID: 36889988
it look a bit complicated but I will go through it,
thanks
0

Featured Post

Get free NFR key for Veeam Availability Suite 9.5

Veeam is happy to provide a free NFR license (1 year, 2 sockets) to all certified IT Pros. The license allows for the non-production use of Veeam Availability Suite v9.5 in your home lab, without any feature limitations. It works for both VMware and Hyper-V environments

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A hard and fast method for reducing Active Directory Administrators members.
It’s time for spooky stories and consuming way too much sugar, including the many treats we’ve whipped for you in the world of tech. Check it out!
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.
Suggested Courses

773 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question