using multiple ldap servers for authentication
We are still on Service Manager v9.21. We have been using LDAP authentication against our Microsoft Active Directory. We specified the ldapbinddn and ldapbindpass parameters to bind to our LDAP server and have the ldapauthenticateonly parameter set.
We merged with another company that has their own Microsoft Active directory. We have a trust relationship with their Active Directory.
They want their users to be able to log into Service Manager now. I know that in the sm.ini file you can specify multiple LDAP servers by using ldapserver1, ldapserver2, etc.
However, how would I specify the ldapbinddn and ldapbindpass parameters for the second (their) ldapserver? Furthermore, what about the operator file level mapping? How would I be able to specify 2 different ldapservers there?
We don't have anonymous binds allowed for our ldap server due to security reasons.
Thanks in advance,
Re: using multiple ldap servers for authentication
From another forum post:
to use multiple LDAP for different clients, we need to connect to a top-level domain server that can route to the lower level domains. Alternatively, you'd need to add aliases to one of the systems so that SM could find all operators in that one AD domain. You will need to make changes in your sm.ini file. Here are some posts about multiple ADs for SM:
In version 9.32 and above, it is possible to configure a horizontally scaled environment so that different SM application servers can authenticate to different LDAP domains. I have not configured this since the functionality was introduced, but it was described in the release notes as follows:
If you wish to authenticate SM users that belong to different domains or sub domains, you can deploy multiple LDAP servers that belong to the corresponding domains, and then set up a horizontal scaled (HS) cluster.
By proper configuration,
--users belonging to Domain 1 can directly connect to server node 1 and be authenticated by LDAP server 1,
--users belonging to Domain 2 can directly connect to server node 2 and be authenticated by LDAP server 2.
Hence, they can share the same database while at the same time be authenticated for their domain.
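To make the horizontally scaled (HS) layout described in the reply above concrete, here is an added illustration that is not part of the original thread or of the Service Manager documentation: two sm.ini fragments, one per application server node, each binding to its own domain's LDAP server with its own service account, while both nodes point at the same shared database. The parameter names ldapserver1, ldapbinddn, ldapbindpass and ldapauthenticateonly are the ones named in the thread; ldapport1, ldapbasedn and ldaptls are assumed parameter names and should be checked against the sm.ini reference for your SM version before use. Host names, DNs, the bind accounts and the database name are placeholders.

```ini
; ---- sm.ini on server node 1 (serves users of Domain 1, e.g. corp.example.com) ----
; Shared database: both nodes use the same SQL connection so one operator table serves both domains
sqldb:SMDB
sqllogin:sm_app/********

; LDAP for Domain 1. ldapbinddn/ldapbindpass are this node's service account;
; no anonymous bind is needed because every node carries its own credentials.
ldapserver1:dc01.corp.example.com
ldapport1:636              ; assumed parameter name; 636 = LDAPS
ldaptls:1                  ; assumed parameter name; never send ldapbindpass over plain 389
ldapbasedn:DC=corp,DC=example,DC=com   ; assumed parameter name
ldapbinddn:CN=svc-sm-ldap,OU=ServiceAccounts,DC=corp,DC=example,DC=com
ldapbindpass:********
; Only use AD to check the password; operator records and roles still come from the SM database
ldapauthenticateonly:1

; ---- sm.ini on server node 2 (serves users of Domain 2, e.g. merged.example.net) ----
sqldb:SMDB
sqllogin:sm_app/********

; LDAP for Domain 2: a different server AND a different bind account, which is the
; part a single-node sm.ini cannot express because ldapbinddn/ldapbindpass are not per-server
ldapserver1:dc01.merged.example.net
ldapport1:636              ; assumed parameter name
ldaptls:1                  ; assumed parameter name
ldapbasedn:DC=merged,DC=example,DC=net ; assumed parameter name
ldapbinddn:CN=svc-sm-ldap,OU=ServiceAccounts,DC=merged,DC=example,DC=net
ldapbindpass:********
ldapauthenticateonly:1
```

Two practical checks go with this layout. First, each node's ldapbindpass is a live directory credential stored on disk, so the sm.ini files should be readable only by the account the SM service runs as, and each bind account should be a least-privilege read-only user in its own domain rather than a shared or privileged one. Second, the scheme only works if users of Domain 2 actually reach node 2: the load balancer or client configuration has to route by domain (or users must be given the node-specific URL), otherwise a Domain 2 user landing on node 1 will be rejected by Domain 1's LDAP server.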