grouper-users - [grouper-users] PSPNG - Active Directory - Two Domains
Subject: Grouper Users - Open Discussion List
List archive
- From: Ryan Rumbaugh <>
- To: "" <>
- Subject: [grouper-users] PSPNG - Active Directory - Two Domains
- Date: Tue, 25 Jun 2019 16:53:37 +0000
|
Hi all,
Has anyone configured PSPNG for an AD with more than one domain? We’re running into a challenge with doing just that because the parent domain Grouper is connecting to has no visibility to the child domain when running userSearchFilter.
Initially, we had an issue because, by default, Grouper is creating domain local groups, but we adjusted the groupCreationLdifTemplate to create Universal groups which now works, but not being to find anyone in the child domain still is the hurdle we need to overcome.
One final note, we did explore using the Global Catalog port, 3269, and it does provide visibility in both domains, but unfortunately, ADD or UPDATE operations are not supported.
Ideally, we would use the global catalog port for the searching/filtering, but use a different connection on port 636 for the membership updates.
Any help or suggestions would be appreciated, thanks!!
-- Ryan Rumbaugh
|
- [grouper-users] PSPNG - Active Directory - Two Domains, Ryan Rumbaugh, 06/25/2019
- Re: [grouper-users] PSPNG - Active Directory - Two Domains, Jeffrey Williams, 06/27/2019
Archive powered by MHonArc 2.6.19.