How To Configure LDAP in DocuShare to Authenticate to Two Different Active Directory Domains
Note: This solution applies to DocuShare 6.x, 6.5.x and 6.6.1.
Note: You must be a Windows Administrator and Site Administrator to perform this solution.
Note: The Object Classes and LDAP Bind attributes are not included in this configuration area; these settings are retrieved from the main configuration page. Therefore, the LDAP attributes related to BIND users and BIND groups need to be the same on both LDAP servers.
· You must have one LDAP Server in DocuShare configured and working
This includes the following:
o Being able to successfully add LDAP users in DocuShare
o Logging into DocuShare successfully with the LDAP users
Note: Having one LDAP Server configured and working is not required; however, we strongly recommend this is done before proceeding to configure another LDAP server.
Note: If you have not completed this prerequisite, see the solution on Configuring DocuShare for LDAP.
· You must have the configuration information for the second LDAP server
This includes the following:
o The host name of the LDAP Server
o The port number of the LDAP Server
o If you use SSL, the port number you want to use for SSL
o The DIT Root
o The User RDN Key
o The Relative Authentication and Directory Services Attributes
Note: If you do not know how to gather the information listed above from your LDAP server, refer to the solution (for Windows environments): How To Use the LDIFDE tool to Gather information from LDAP.
1. Log in to DocuShare as admin.
2. Click Admin Home on the navigation bar. The Admin Home page displays.
3. Click the [+] symbol next to Account Management
4. Click the Domains link. The Domains page displays.
5. Under the Domain Name heading, enter the domain name
6. Under Authentication and Directory Service Providers menu, select LDAP, LDAP
7. Under Relative Authentication Locator, enter the Relative Authentication Locator for your LDAP Server.
8. Under Relative Directory Service Locator, enter the Relative Directory Service for your LDAP Server.
9. Under Enable Subtree Search, select if applicable for your site.
Note: The Enable Subtree Search option allows users anywhere under the domain to be eligible to log in, except for Child Domains. Child Domains are not searched because they would require a separate domain configuration pointing to that particular DC (Child Domain).
10. Under Enable Listener, select if applicable for your site.
Note: If you decide to enable the listener after you are up and running, do a full manual synchronization first and then enable it, because the listener picks up changes dynamically.
11. Under LDAP Server Info, enter the configuration information for the second LDAP Server in the format listed below.
<hosts>another.domain.com</hosts>
<port>636</port>
<ssl>true</ssl>
<dit_root>dc=another_dc,dc=xerox</dit_root>
<agentdn>cn=another_agent,dc=another_dc,dc=xerox</agentdn>
<agentpassword>password_of_another_agent</agentpassword>
Note: You will need to change the entries to values that apply to your LDAP server environment.
Note: Because of the length of the text box, it may be easier to enter the LDAP Server Info into a text editor first (such as Notepad) and then copy and paste it into the LDAP Server Info field in DocuShare.
12. Click the Add button.
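An added example, not part of the Xerox solution or of DocuShare: a Python check to run over the LDAP Server Info text from step 11 before pasting it into the field. It assumes the six elements in the sample are the expected set and that ssl takes true or false; the function names and the GOOD sample are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Element names come from the sample in step 11; requiring all six is an assumption.
EXPECTED = ("hosts", "port", "ssl", "dit_root", "agentdn", "agentpassword")
# Values copied from the page's sample; any left in place means the entry was not edited.
SAMPLE_VALUES = {"another.domain.com", "dc=another_dc,dc=xerox",
                 "cn=another_agent,dc=another_dc,dc=xerox", "password_of_another_agent"}
RDN = re.compile(r"^[A-Za-z][A-Za-z0-9-]*=[^,=]+$")  # simplified, no escaped commas


def is_dn(value):
    """True if every comma-separated part looks like attribute=value."""
    return all(RDN.match(part.strip()) for part in value.split(","))


def check_server_info(fragment):
    """Return findings for an LDAP Server Info fragment; an empty list means clean."""
    try:
        # The field holds sibling elements with no root, so wrap them to parse.
        root = ET.fromstring("<info>" + fragment + "</info>")
    except ET.ParseError as exc:
        return ["not well-formed: %s" % exc]
    values = {child.tag: (child.text or "").strip() for child in root}
    findings = ["missing or empty <%s>" % tag for tag in EXPECTED if not values.get(tag)]
    findings += ["unexpected <%s>" % tag for tag in values if tag not in EXPECTED]
    findings += ["<%s> still holds the sample value" % tag
                 for tag, val in values.items() if val in SAMPLE_VALUES]
    for tag in ("dit_root", "agentdn"):
        if values.get(tag) and not is_dn(values[tag]):
            findings.append("<%s> is not a distinguished name" % tag)
    port, ssl = values.get("port", ""), values.get("ssl", "").lower()
    if port and not (port.isdigit() and 1 <= int(port) <= 65535):
        findings.append("<port> is not a valid TCP port")
    if ssl and ssl not in ("true", "false"):
        findings.append("<ssl> is neither true nor false")
    if ssl == "false":
        findings.append("ssl is false: the connection to the directory is unencrypted")
    if (ssl, port) in (("true", "389"), ("false", "636")):
        findings.append("<ssl> and <port> disagree (389 is LDAP, 636 is LDAPS)")
    return findings


# Constructed sample input, not from a real site.
GOOD = ("<hosts>dc2.corp.example</hosts><port>636</port><ssl>true</ssl>"
        "<dit_root>dc=corp,dc=example</dit_root>"
        "<agentdn>cn=ds-bind,ou=svc,dc=corp,dc=example</agentdn>"
        "<agentpassword>REPLACE-ME</agentpassword>")

if __name__ == "__main__":
    for line in check_server_info(GOOD) or ["no findings"]:
        print(line)
```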
Solution Updated: May 26th, 2014
Solution ID: 345