Michael Wrightson
Posted July 30, 2018

We have set up a multiple trusted forest setup on our ADs, as we have three major companies being integrated into one. The AD integration isn't planned for a while, but we need to run LDAP on different domains so that all our customers can log in and raise support calls. Any advice on how I can complete this? We have it successfully working on one domain but need help getting it to work on the other two.

Gerry
Posted July 30, 2018

I presume when you are talking about LDAP you are actually talking about SSO using SAML 2.0; our service does not support LDAP authentication. It depends on your setup. One way is to set up trust between your domains and allow users to authenticate on one domain from another (I am not an expert on AD but I am pretty sure this is possible). The second option would be to configure Hornbill with multiple SSO profiles, one for each domain. This will effectively require your user to select their domain when logging in/authenticating to use Hornbill, which is less optimal as it relies on your users to know which domain/IdP to select; naming the profiles correctly obviously has an impact here. Hornbill is not doing anything special here, it's just a cloud service using your federated identity provider for authentication. I would suggest your question might be better directed at your internal AD team, who should already have a good understanding of SSO and federated identity services.

Gerry

Gerry
Posted July 30, 2018

Hmm, sorry for my confusion. Having just re-read the title: configuring LDAP imports from multiple data sources is pretty simple, you effectively run a different import for each domain. So if you look at your current import configuration, create copies, one for each domain, and run them in sequence, one after the other. Alternatively, if configured correctly, it should be possible to query the LDAP structure and get all users in one import cycle, but that will require quite a lot of knowledge about how your AD structure has been built in order to identify the correct query.

Gerry