Question

Is my understanding of LDAP correct?

asked on August 31, 2021

I thought LDAP is an alternative way to communicate with a domain controller for servers not on the domain's network.

Why is it required to join the host to the domain before configuring LDAP, since if you were able to join the domain, you don't need LDAP anymore?



Replies

replied on September 1, 2021

Hi Chad,

LFDS and LFS need to be joined to domains that trust one another (or joined to the same domain) in order for them to communicate. This requirement is unrelated to utilizing an LDAP identity provider in LFDS.

The LFDS machine's domain does not need to be the same domain as the LDAP identity provider, and does not need to have trusts with the domain of the LDAP identity provider. It is here that using an LDAP identity provider becomes a useful option over using an AD identity provider.

replied on September 1, 2021

Hi Chase,

For several years we have used LDAP as an alternative for customers who have a Laserfiche Server on a host that has no option to join their domain (or any domain for that matter). We have many servers configured like this and all are functional.

LDAP has been a way they could continue to use Active Directory Authentication in Laserfiche and that still appears to be the primary reason it exists.

It works for us, but we are being told it cannot be supported without joining the host to a domain. If we could join the domain, we would never use LDAP because it has huge limitations over Kerberos.

Also on a side note, we have customers who use LFDS, with DS Auth and all the features (except Active Directory auth) from a workgroup. This is because not all companies have Active Directory.

SELECTED ANSWER
replied on September 1, 2021

Unfortunately we have no plans to support workgroups with LFDS at this time, as it is not designed to work in that state. There is a possibility that you can get LFDS and LFS working by placing them on the same workgroup machine, but that is not a supported configuration and we will not troubleshoot support cases for systems in this configuration.

replied on September 1, 2021

Ok, well I will not recommend any more LDAP systems going forward and I will be clear that they would receive no support if there was an issue, but we are stuck with the clients who are using it currently.

I am still baffled as to what LDAP was for and how we could be communicating its purpose incorrectly all these years. Everything I read about LDAP online states it is an alternative for user authentication when you do not have access to Kerberos.

It seems to me we were using it for its exact intent and now I am told these servers cannot be supported when we have a seemingly unrelated issue.
