You are viewing limited content. For full access, please sign in.

Question

Question

Rio, LFDS & AD Group Synchronisation

Directory Server Laserfiche Installation and Upgrades
Updated October 16, 2015
asked on October 16, 2015

Hi All,

 

I’m doing some testing with AD groups and Rio and I’m confused a little as to what the process should actually be, and what should actually be a supported configuration.

 

So I’ve setup LFDS with an AD group with some users in, which synchronises and adds the group to the organisations tab with the users inside this with full licenses. All seems good.

 

Then I move onto the Laserfiche server (which is on the same server FYI), where I then add the same AD group as a windows account and set it to trusted. However I cannot login using a user within the group which has a full license. Even if I explicitly add the users and set it to inherit from group membership it still can’t log in. I’ve tried re-starting the Laserfiche server, deleting the LFSNU.DB file etc., but none of these allow the user to login. The only way I seem to be able to make this work, is to add the user as a windows account and set it to trust. Then it logs in. Which brings confusion?

 

What is the point of synchronising AD groups into LFDS if you still have to manually add the user into the LF admin console in order to grant access? Or shouldn’t this be the case? I’ve had a hunt around some other posts but none really answer this question.

 

Something else I wasn’t sure about is do the different types of AD groups have any impact on LFDS or Laserfiche in general? (Distribution group, security group, global, universal or domain local)

 

Cheers!

1 0

Answer

SELECTED ANSWER
replied on October 16, 2015

The 2 are sort of independent. AD Sync in LFDS is used to assign named user licenses to domain accounts. It has no impact on whether the accounts are trusted to log into a repository. The LF Server retrieves the updated list of named users several times from LFDS a day. To log into a repository, you need 2 things: a named user license and to be trusted to log in.

You should be able to set a domain group as trusted and have domain accounts that are members of this group log in without having to specifically trust those accounts. If that does not work for you, please open a support case.

1 0
replied on October 16, 2015

Thanks for the reply Miruna.

So what I am seeing is users having a license in LFDS but when I add an AD group they are part of to the LF admin console using trusted authentication, they are unable to login. I will open a support case to try and figure out why. Good to know that this is a supported configuration.

Cheers! smileyyes

0 0

Replies

You are not allowed to reply in this post.
You are not allowed to follow up in this post.

Sign in to reply to this post.

Details
Related Posts
Loading ...