Solved

How possible is it to connect LDAP with two DC

Posted on 2011-09-21
6
404 Views
Last Modified: 2012-05-12
Dear Experts,

We have a library system called KOHA that uses ldap to connect to AC, only one server can be set on its ldap configuration to connect to active directory server.
We have two Active directory for different departments, how to make it to connect to both servers, is it done through windows, or has to be through LDAP

thanks
0
Comment
Question by:uknet80
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
  • 2
6 Comments
 
LVL 18

Accepted Solution

by:
x-men earned 167 total points
ID: 36572467
if there are 2 distinct ADs, you'll need 2 connections because the root of the LDAP path is diferent
0
 
LVL 18

Expert Comment

by:x-men
ID: 36572476
If there is a trust relation between the domains, connect ot the one that is trusted by the other
0
 
LVL 13

Assisted Solution

by:khairil
khairil earned 333 total points
ID: 36572514
Hi,

If the domain is in same forest then make them both GC (global catalog).
0
Get MongoDB database support online, now!

At Percona’s web store you can order your MongoDB database support needs in minutes. No hassles, no fuss, just pick and click. Pay online with a credit card. Handle your MongoDB database support now!

 

Author Comment

by:uknet80
ID: 36579521
Although I am not so familiar with windows trust relation, I would say there is trust between both servers as from one server I can connect to other AD.

If there is trust relation between both active directory A and B, and can connect from server A to B, then if I specify under LDAP client only Server A setting I should be able to connect to Active directory users on B Server.  Is that correct?



0
 
LVL 13

Assisted Solution

by:khairil
khairil earned 333 total points
ID: 36581595
It still depend on how the client try to connect, having trust will make the authentication request some sort like "redirect" to other server.

But chaging the AD infra comes with risk, BIG RISK, in some situation it will break other things. It is better for you to change the KOHA checkpw class and extend the KOHA config for second LDAP (You can also hard coded the checkpw class).

This article is on KOHA problem with CN, you must repeat line 21 to 99 for different LDAP servers. This require you to have some PHP programming skill.

Other way to do is using LDAP proxy with multi sources, here is something on it, http://www.novell.com/communities/node/8637/ldap-proxy-server-multiple-sources and here is how on KOHA with LDAP proxy (you still need a lot of modification to do), http://blog.rot13.org/2009/03/virtual_ldap_rewrite_or_augment_data_on_the_fly.html 

If you ask me what I will do? I cannot do Perl, and most likely I will chose to modified the calss.
0
 

Author Closing Comment

by:uknet80
ID: 36889988
it look a bit complicated but I will go through it,
thanks
0

Featured Post

Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article demonstrates probably the easiest way to configure domain-wide tier isolation within Active Directory. If you do not know tier isolation read https://technet.microsoft.com/en-us/windows-server-docs/security/securing-privileged-access/s…
Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question