You are viewing limited content. For full access, please sign in.

Question

Question

Directory Server Questions

Directory Server Licensing WebLink Administration Version 9
Updated July 29, 2015
asked on July 28, 2015

I guess I'm late to the Directory Server party and still have some basic questions.
Any help would be appreciated!


Do I need to update LF Server from 9.0 to 9.2 before I can use LF Directory Server?
Is Laserfiche Directory Server a replacement for Laserfiche License Manager.
Does Laserfiche Directory Server create licx files?
Is DS preferred over LLM and Laserfiche Activation Server?

Will we need to create a new Sql Server database or can it use our current Sql Server Laserfiche database?

Does Directory Server have a Web Administration Console and also a windows application?
(similar to the LF Administration Console?)

Most importantly:
We have two domains A and B with a one way trust. B is a DMZ which is trusted by A.
An account from domain A can authenticate with domain B, but not vice-versa.
Can we host the Weblink server in the DMZ and have the Directory Server in domain A?
Or does Directory Server need to be installed in the DMZ?
(We currently can not access LF License Manager from our DMZ)

Thank you!

0 0

Answer

APPROVED ANSWER SELECTED ANSWER
replied on July 28, 2015

In order:

  1. You don't need to upgrade the Laserfiche Server to use Laserfiche Directory Service (LFDS)
  2.  LFDS is a replacement for the License Manager, but you can choose to keep License Manager as it is even past version 9.2.
  3. Yes, LFDS generates licenses for Laserfiche products just like the License Manager
  4. No, either one works fine
  5. You cannot use the Laserfiche repository database.
  6. There is only a web administration console, no Windows application
  7. This has nothing to do with LFDS or License Manager. The LF Server needs to be able to verify the authentication token for users in domain B. If the server is in domain A which does not trust accounts from domain B, Windows authentication from domain B will not work.
1 0

Replies

replied on July 29, 2015 Show version history

Registering an instance of an application with LFDS (or License Manager) requires the hardware fingerprint of the machine where the application will be installed. If LFDS can communicate with the machine (when they are on the same domain, for ex), it will read the fingerprint for you. If that's not possible, you can run the utility that reads the hardware fingerprint on the WebLink server. Take the hardware fingerprint and enter it when registering a WL instance in License Manager or LF Directory Service. Then generate the license and copy it to the WebLink machine, run the installation and point it to this license.

1 0
replied on July 28, 2015

Thank you Miruna for that super-prompt reply!


As a follow-up, to the last question:
If we have prod weblink in domain B and prod LF in domain A, (all other environments are in domain B) where should the license manager or license server go?
 

0 0
replied on July 28, 2015

I'm not quite sure your scenario makes sense to me because it sounds like all your applications are in the DMZ...

Laserfiche servers need to contact License Manager/LF Directory Service periodically to validate their licenses. WebLink does not call back in to validate the license after the initial install, so LFDS should be on the same domain (or a trusted domain) as LFServer.

0 0
replied on July 29, 2015

The only thing in the DMZ is WebLink, because it is a public website.

We cannot allow our DMZ network’s LDAP to authenticate to the internal LAN where the License Manager and Laserfiche is. I can open some firewall ports temporarily, but the Weblink server would not be allowed to authenticate on any server in the LAN since it is a DMZ server. This is a mandatory requirement and is audited as per ISO\ISMS. This is not an atypical setup. How do we get our environment to work as is with the License Manager? Could you provide a scenario or documentation that fits our requirements?

Thanks again!

0 0
replied on July 29, 2015

Thank you Miruna!

0 0
You are not allowed to follow up in this post.

Sign in to reply to this post.

Details
Related Posts
Loading ...