Hello,
I’m working on deploying Fess in an environment with two AD forests connected via a trust relationship.
Kerberos authentication works for both ADs.
But I’m stuck on the LDAP configuration, which is designed for 1 AD.
What might be the best approach?
Thanks for your help
One possible approach is to use the AD Global Catalog (port 3268/3269) instead of regular LDAP. Since you have a trust between the forests, the GC may contain users from both. I haven’t verified this configuration myself, but it might be worth trying — just change ldap.provider.url to point to your GC port and set the base DNs to your forest root.
If that doesn’t work for your setup, extending LdapManager to support multiple LDAP servers would be another option, but that requires code changes.