Sharepoint Authentication between two domains

To the Experts,

I have a question which may be complex. Here is my situation: we are currently running WSS 3.0 and need to upgrade WSS to Sharepoint 2010. At the same time, we will be upgrading the servers to Windows 2008 R2 and use SQL Server 2008 R2. This is no problem at all. However, my company has two network domains. One is the main network domain while the other network domain is considered a developmental network for engineers and programmers.

By stating this, the main network is locked down. The other network is more flexible and would not require us to jump through hoops in terms of upgrading the software and hardware. For testing purposes, I set up a test Sharepoint 2010, SQL Server 2008, and Win 2008 servers on the development network. The issue that I ran into is when I want to access the Sharepoint site or download/upload documents from the main network, I have to use a local computer account (created on the Sharepoint server) to access the site.

The current WSS 3.0 site (runs on the main network) uses LDAP for user/group authentication. My question is how or what can I use to possibly integrate LDAP user/group authentication from the main network for the Sharepoint 2010 site being hosted on the developmental network? Any suggestions or third party software that could do this would be great.

Thanks,
Todd
thef284 Asked:
 
Justin Smith, Sr. System Engineer, Commented:
Why don't you just create user accounts for people in the Dev domain, and have them use those to log into the 2010 site? The 2010 is just for testing anyways, right? I'm assuming that "Dev" is an Active Directory environment??

The only option you have where users could use their Main credentials to authenticate in 2010 is to set up AD federation between the domains.  Seems way overkill and pointless though.
 
Justin Smith, Sr. System Engineer, Commented:
Is there any type of AD trust currently between the Main and Dev domains?
 
Justin Smith, Sr. System Engineer, Commented:
Does the Main SharePoint site truly use an LDAP store for users and groups?  Or do you just mean, it uses Active Directory?
 
thef284 (Author) Commented:
At this moment, there is no AD trust between the two domains. I do not foresee an AD trust for these two domains in the future due to the company wanting to keep them separate.

The Main Sharepoint site uses AD authentication, not an actual LDAP store. Sorry for not clarifying that info for you.

Besides using AD for authentication, I wonder if there is a way for users to access the site with different credentials, enter those credentials, and then gain entry to sites/libraries based on the permissions specified for that user login? Kind of similar to using a local user account, but instead of having to type in your credentials every time you want to upload/download a file, the credentials are remembered after initial login.

I am grasping at straws right now... :)
 
thef284 (Author) Commented:
"The 2010 is just for testing anyways, right?"
Well, for the most part SP 2010 is for testing purposes. However, we will migrate WSS 3.0 to SP 2010 for production purposes starting in December 2012.

We can definitely set up an AD environment for the development network. But it would be nice to have only one set of user credentials to be used rather than to make users use one set of credentials for the main network and another for the dev network.

However, this may be the route taken, in which we set up an AD environment for the development network which will be used to create 300 user accounts for authentication with Sharepoint.

The whole point of moving away from the main network is to give us more flexibility and control of the Sharepoint web design, functions, and administrative responsibilities such as backing up the Sharepoint farm.

I agree that we could set up AD federation, but the company would probably kill this idea since the dev network is considered less secure.

Thanks for your input... this confirms what I was thinking about doing, but wanted to make sure there was not another alternative.
Question has a verified solution.
