Foros de discusión

Using AD Global Catalog in LDAP configuration

Andrea Colajacomo, modificado hace 7 años.

Using AD Global Catalog in LDAP configuration

New Member Mensajes: 9 Fecha de incorporación: 19/03/13 Mensajes recientes
Hi,
anyone knows if it is possible to use global catalog in LDAP configuration ?
If it's possible does anyone knows the right steps to proceed ?

We have Liferay 6.2 CE

Thanks
Bye
Andrea
thumbnail
David H Nebinger, modificado hace 7 años.

RE: Using AD Global Catalog in LDAP configuration

Liferay Legend Mensajes: 14919 Fecha de incorporación: 2/09/06 Mensajes recientes
The general response is as long as it presents itself as an LDAP server and responds to properly formatted LDAP queries, then sure.

Since GC does present itself as LDAP you should be fine, even for authentication purposes.

The one aspect you might want to consider, though, is your import strategy. Since you're fronting a forest of domain servers it's likely that you have a pretty high user count. This can cause you problems if you use an import on startup or timed import. You might be better served falling back to import on login so you're only pulling folks into Liferay on an as-needed basis rather than trying to deal with bulk import.

Export may prove problematic; I'm not sure if GC would be able to propagate changes back to the appropriate domain server, but honestly I haven't tried export on GC so I have no idea if it will work or is supported. It may be just fine for all I know.







Come meet me at the LSNA!
Andrea Colajacomo, modificado hace 7 años.

RE: Using AD Global Catalog in LDAP configuration

New Member Mensajes: 9 Fecha de incorporación: 19/03/13 Mensajes recientes
Thank you David,
we don't have Import enabled, so the users area created only when they try to access.
I'm trying to investigate the use of GC for a problema regarding the membership cross domain on an AD group, group that is used to give access to particular areas.
Coming back to GC, do you know witch kind of info we need to insert in the LDAP configuration form ?
An url like this ldap://mycompany.intranet is still right ?

We need to use different port ?

I nee to know witch kind of info I need to ask to AD people.

Bye
Andrea
thumbnail
David H Nebinger, modificado hace 7 años.

RE: Using AD Global Catalog in LDAP configuration

Liferay Legend Mensajes: 14919 Fecha de incorporación: 2/09/06 Mensajes recientes
My understanding is you fill out the LDAP configuration for GC as if you were connecting to a single AD instance.

So yeah, you need the ldap URI, you'll need credentials, base DNs, etc.






Come meet me at the LSNA!