One of our Rio customers has a Laserfiche Forms server hosted on their DMZ, and they need a way for their named users to log into that Forms server using a regular username and password, as opposed to their Windows account. There is no trust between the two domains, and it is not feasible to set it up. So we went ahead and configured Laserfiche trustees for them, but when we linked those to their Windows accounts, we got a message that said all authentication, attribute and audit settings on the Windows accounts would be ignored because, for whatever reason, the LF trustee takes precedence.
I find this quite vexing. I thought one of the selling points of Rio was to make user management very easy, and that was accomplished by leveraging Active Directory. So it seems to me that Laserfiche trustees should be treated as secondary in situations where a user has both. Can someone from Laserfiche explain the reasoning behind why that is not the case?
Ideally, the Windows accounts should be the primary authority (since we have AD synchronization set up at License Manager), and linking them to an LF trustee should simply provide the additional ability to log in using a username and password in situations where the AD server is not reachable (e.g. most scenarios involving a DMZ).
They have been using their Windows accounts for a while, and we don't have an easy way of copying authentication, attribute and audit settings from Windows accounts to LF trustee accounts. We also do not want to lose the benefit of AD synchronization, especially since this company has a lot of turnover.
We need a more elegant way of handling this scenario. Any assistance is appreciated.