Release Automation

  • 1.  Is it possible to configure secondary LDAP for users authentication ?

    Posted Mar 16, 2017 05:28 AM

    I plan to build a high availability architecture. I need to know if it is possible to configure a secondary LDAP for user authentication.



  • 2.  Re: Is it possible to configure secondary LDAP for users authentication ?

    Posted Mar 16, 2017 08:21 AM

    Can you explain what you mean by secondary LDAP? LDAP server, LDAP domain?

    Also, are you using Microsoft AD or another LDAP system?



  • 3.  Re: Is it possible to configure secondary LDAP for users authentication ?

    Broadcom Employee
    Posted Mar 27, 2017 06:26 PM

    Hi Florent,

     

    We haven't heard back from you in a while -- Have you had a chance to review Jacky's question?



  • 4.  Re: Is it possible to configure secondary LDAP for users authentication ?
    Best Answer

    Broadcom Employee
    Posted Apr 12, 2017 09:43 AM

    Hi Florent

     

    With RA 6.3 latest build 9840 it is possible to configure multiple AD LDAP domains in your distributed.properties file.

    This should look like:

    # This is only set once.
    use.active.directory.authentication=true

    use.active.directory.domain=testdom.ca.com
    use.active.directory.url=ldap://ldapserver:389
    use.active.directory.user.username=administrator@testdom1.ca.com
    use.active.directory.user.password=....

    use.active.directory.domain.1=testdom1.ca.com
    use.active.directory.url.1=ldap://ldapserver1:389
    use.active.directory.user.username.1=administrator@testdom1.ca.com
    use.active.directory.user.password.1=....

    use.active.directory.domain.2=testdom2.ca.com
    use.active.directory.url.2=ldap://ldapserver2:389
    use.active.directory.user.username.2=administrator@testdom2.ca.com
    use.active.directory.user.password.2=...

     

    Some additional information

    If this is an Active Directory forest, the first entry in the domain list needs to be the root domain, and instead of connecting to the local domain's LDAP server we need to connect to the global catalog on port 3268.

    All other domains connect to their LDAP port on 389.

     

    use.active.directory.domain=ca.com
    use.active.directory.url=ldap://ldapserver:3268
    use.active.directory.user.username=administrator@testdom1.ca.com
    use.active.directory.user.password=....

    use.active.directory.domain.1=testdom1.ca.com
    use.active.directory.url.1=ldap://ldapserver1:389
    use.active.directory.user.username.1=administrator@testdom1.ca.com
    use.active.directory.user.password.1=....

    use.active.directory.domain.2=testdom2.ca.com
    use.active.directory.url.2=ldap://ldapserver2:389
    use.active.directory.user.username.2=administrator@testdom2.ca.com
    use.active.directory.user.password.2=...

     

     

    Regards Dirk
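A pre-deployment check for the multi-domain layout described in the answer above, as an added example that is not part of the original thread or the product: it groups the `use.active.directory.*` keys by their numeric suffix, flags incomplete entries and malformed LDAP URLs, and, for a forest, checks the 3268/389 port rule. It assumes standard Java .properties parsing (no trailing comments); the function name, the sample hosts and the service account are hypothetical.

```python
import re
from urllib.parse import urlsplit

# Key layout from the post: base key, optional ".N" suffix for further domains.
KEY = re.compile(r"use\.active\.directory\.(domain|url|user\.username|user\.password)(?:\.(\d+))?$")
FIELDS = ("domain", "url", "user.username", "user.password")

def lint_ad_properties(text, forest=False):
    """Return findings for the AD entries; forest=True also checks the port rule."""
    entries, findings = {}, []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "!")) or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if " #" in value:  # .properties comments must start the line
            findings.append(f"{key}: inline '#' text becomes part of the value")
        m = KEY.match(key)
        if m:
            entries.setdefault(int(m.group(2) or 0), {})[m.group(1)] = value
    for idx in sorted(entries):
        entry, label = entries[idx], f"entry {idx}"
        findings += [f"{label}: missing {f}" for f in FIELDS if f not in entry]
        if "url" not in entry:
            continue
        parts = urlsplit(entry["url"])
        try:
            port = parts.port
        except ValueError:  # non-numeric or out-of-range port
            port = None
        # Accepting ldaps here is an assumption; the post only shows ldap://.
        if parts.scheme not in ("ldap", "ldaps") or not parts.hostname or port is None:
            findings.append(f"{label}: malformed url {entry['url']!r}")
        elif forest and port != (3268 if idx == 0 else 389):  # root entry -> global catalog
            findings.append(f"{label}: port {port}, expected {3268 if idx == 0 else 389}")
    return findings

# Constructed sample (hypothetical hosts and account), with deliberate mistakes.
SAMPLE = """\
use.active.directory.authentication=true # only set once
use.active.directory.domain=example.test
use.active.directory.url=ldap:/gc.example.test/:3268
use.active.directory.user.username=svc@example.test
use.active.directory.user.password=CHANGEME
use.active.directory.domain.1=child.example.test
use.active.directory.url.1=ldap://dc1.child.example.test:3268
use.active.directory.user.username.1=svc@child.example.test
"""

print("\n".join(lint_ad_properties(SAMPLE, forest=True)))
```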