Question

Directory Server Trust model

asked on December 3, 2015

Hi - We have a client with a dual AD model. They wish to adopt Directory Server to manage LF users placed in both domains. Presently they have no trust relationship established between domains. We understand that their current model does not support this. Please can you advise how the trust relationship would need to be established (e.g. 1 way trust, 2 way trust), and does the placement of the server hosting LFDS with a domain dictate what trust model is required?

Does LFDS v10 offer any considerations / advantages when assessing this problem and how it should be approached?

Replies

replied on December 7, 2015

Hi Paul,

With Directory Server you shouldn't require a trust relationship between the two domains. It's possible to add a second identity provider to look up users from the second domain.

replied on December 10, 2015

Tom is right about the identity providers, although the second domain has to be accessible and not completely firewalled from the first domain. However, the second part of Directory Server is licensing. Applications on the second domain, like the LF Server or Quick Fields, need to be able to connect to LFDS periodically to validate their license.

replied on December 10, 2015

Hi guys - thanks for your input. So, to confirm as simply as possible: a trust relationship does not need to be created between the two currently non-trusted domains.

LFDS has the ability to look up users from two Active Directory controllers.

LFDS will, however, need to connect to applications hosted within the separate domains to validate licences.

replied on August 3, 2016

Miruna, we are testing this scenario (two domains, no domain trust) and are able to add the identity provider for the second domain using domain admin credentials. We are even able to browse the directory of the secondary domain. However, we receive a "No user found. (LFDS19)" message when we search for a user -- screenshot attached. Other than opening ports 80, 5051, and 5048, do you know if anything else needs to be opened up to make this work without the domain trust?

replied on August 5, 2016

Hi, Chad!

We're currently looking into this issue. It looks to be a bug in the way the web admin console authenticates to the other domain.

replied on August 5, 2016

Hi Miruna!  Thanks for the confirmation!

replied on October 21, 2016

Dears,

Any update regarding the above?

replied on October 21, 2016

We are currently working on a patch that we think will address this issue, among others.
