Ok gang. Here is the scenario.
These are separate branches of the same company. They have separate domains, DCs and users.
Lets call them BranchA and BranchB
DomainA, DomainB...no trust in place. They are not subdomains of a common primary domain, they are DomainA.local and DomainB.local with totally separate DCs.
The envisioned scenario is:
They want one LFDS so certain employees could have access to either repository and only tie up 1 license. I believe I can only achieve this, since there is no domain trust, by using all Laserfiche Users in LFDS, with the understanding that passwords would be different from AD Users.
All other respective LFDS users would only have access to their repository. We can handle that with rights and privileges in Admin Console for each repo.
So, let's say:
BranchA\User1 is allowed to access both repos.
BranchB\User1 is only allowed to access the BranchB repo.
In LFDS:
Create BranchA Organization
Create BranchA groups and users
Create BranchB Organization
Create BranchB groups and users
In Admin Console:
BranchA has a repo server on LFS.BranchA.local.
Under Laserfiche Directory Accounts, we add \BranchA\User1 and set rights and privileges
BranchB has a repo server on LFS.BranchB.local.
Under Laserfiche Directory Accounts, we add \BranchA\User1 and set rights and privileges
Under Laserfiche Directory Accounts, we add \BranchB\User1 and set rights and privileges
This is all with the understanding that the LFS.BranchA.local and LFS.BranchB.local servers will both be able to access the LFDS server.
We would use either DNS redirects or HOSTS entries on the LFS servers and the LFDS server so they can resolve the FQDN/IP of the servers on the other domain.
In theory, all of this should work as expected (I think), which brings me to a few questions.
1. Can domain locked licensing work here? These are VMs that we would want to use domain locked licenses on typically, but can LFDS handle 2 different primary domains for authenticating and licensing?
2. Would it matter which domain the Windows LFDS server was bound to?
3. Are there any ports other than TCP 5048, 5049 between each of the LFS servers (and Forms, etc) and the LFDS server that would need to be opened?
Thanks,
Jason