I have a customer that has most of their employees in AD under the base distinguished name similar to ci.company.abc.us but they have another group under dept.ci.company.abc.us. I currently have my Base Distinguished Name under the LDAP configuration for Participant users set to DC=ci,DC=company,DC=abc,DC=us and it is working for all of the users/groups within that. However it is not pulling in the users/groups for those in dept.ci.company.abc.us. I do not have access to AD and the customer is not changing their AD environment to fit this Forms limitation. I know there is not a way to have multiple base distinguished names in the LDAP configuration for Participant users but is there a way I could change my current Base Distinguished Name to pull in both? Or any other suggestions to handle this issue?
Question
Question
LDAP Participant Licenses Across Different Base Distinguished Names
Replies
I take it no one has found a way to have LDAP participant users across multiple domains? If not then this is a severe limitation for large organizations that are buying hundreds of these participant licenses to expand Forms usage at an enterprise level.
I know Laserfiche is aware of the Forms LDAP needs. You will see a lot of posts in Answers about this. I have to say though, considering Forms is really on v.1.2, it is a great product for being in the its early stages. I would imagine that the ability to use multiple base distinguished names will be coming in a future version because of the requests that have already been made.
I agree completely with you on how great forms is coming along but the primary purpose of my post was to see if anyone had found a way around this limitation. As hundreds (and in some cases thousands) of participant licenses are being deployed these LDAP issues are growing rapidly. I currently have several customers already facing these issues, with a few more getting ready to come online, and they are needing to find a solution sooner rather than later.
My secondary point is that Laserfiche (which Forms is sold as a part of) is an Enterprise level application. Medium to large enterprise organizations have multiple domains and this limitation severely hampers their ability to use Forms as a true Enterprise application. Additionally, we have a related issue where users and groups for participant licenses are stored in different OU's directly underneath the AD DC level. Thus to have the LDAP sync pull back both users and groups to for participant licenses & forms permissions, we are having to sync LDAP across 30,000+ objects, which Laserfiche is saying Forms is unable to support now. Being able to support multiple base distinguished names would also alleviate this issue as we'd be able to more accurately determine the objects we need to sync.
Currently what has been mentioned in these posts is that these issues, along with direct AD integration for participant users, will be resolved in the next iteration, which appears to be the new unified licensing application for Laserfiche 10. As Laserfiche 10 is not currently listed on the Product Roadmap, my hope is to continue to raise awareness of the magnitude of this issue so that a minor version update and/or hotfix is released that allows Forms participant licenses to be manageable for medium-large organizations.