2 Different LDAP Directories Possible?


We are merging 2 Windows domains.
On both domains you can find the same user names (DomA\user1 and DomB\user1).

We currently authenticate user1 with DomA, but I’d like to add an LDAP config to also check for accounts in DomB.

Simple question: Is that possible?

+) Will the LDAP plug-in ask DomA + DomB? And pick the one that is working?
+) Or do I have to remove the user in DomA, so the user can authenticate in DomB?
+) Since the usernames in DomA and DomB are the same - can there be any other troubles? I am afraid that if I simply add DomB, the DomA user can no longer log in or that the user table gets corrupted.

Has anyone had this scenario?

I personally have not had to deal with such a scenario. Not sure if other members from the team have, perhaps @jvillafanez?

If you absolutely have to be sure (which I guess you have to), the way to go is to create a test system, where you can play around. There you can try to figure out different test scenarios to cover the edge cases of your production environment.

Are only the usernames the same, or are these actually identical users?

Yes you can generate a second LDAP connection.

I think it does, but I am not sure about the behavior: whether one takes precedence, or something else.

If both log in with email address and have different UUIDs, then you might be in trouble. But I would recommend testing this.

By default ownCloud uses UUIDs as internal user names. If you then set the login filter for one LDAP directory to email address and the other to samAccountName, each login/user combination would be unique again.

But best would be to test; it would be awesome if you let us know how it goes.

1 Like
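
A pre-merge check for the login-filter suggestion above, added here as an example and not taken from ownCloud or from any poster: it lists login strings that would match accounts with different UUIDs in both directories. The entries, the `example` mail domains and the function names are constructed, and the script does not model how ownCloud itself chooses between connections.

```python
# Constructed sample entries standing in for exports from the two domains.
DOM_A = [
    {"uuid": "a-0001", "sAMAccountName": "user1", "mail": "user1@doma.example"},
    {"uuid": "a-0002", "sAMAccountName": "alice", "mail": "alice@doma.example"},
]
DOM_B = [
    {"uuid": "b-0001", "sAMAccountName": "User1", "mail": "user1@domb.example"},
    {"uuid": "b-0002", "sAMAccountName": "bob"},  # no mail attribute set
]


def login_index(entries, attr):
    """Map each login value (case-folded) to the UUIDs that carry it."""
    index = {}
    for entry in entries:
        value = entry.get(attr)
        if value:  # skip accounts that lack the login attribute
            index.setdefault(value.lower(), set()).add(entry["uuid"])
    return index


def ambiguous_logins(dir_a, attr_a, dir_b, attr_b):
    """Login strings that match accounts in both directories with different UUIDs."""
    idx_a = login_index(dir_a, attr_a)
    idx_b = login_index(dir_b, attr_b)
    clashes = {}
    for login in idx_a.keys() & idx_b.keys():
        if idx_a[login] != idx_b[login]:
            clashes[login] = (sorted(idx_a[login]), sorted(idx_b[login]))
    return clashes


def uuid_overlap(dir_a, dir_b):
    """UUIDs present in both directories (would map to one internal user name)."""
    return {e["uuid"] for e in dir_a} & {e["uuid"] for e in dir_b}


if __name__ == "__main__":
    same = ambiguous_logins(DOM_A, "sAMAccountName", DOM_B, "sAMAccountName")
    mixed = ambiguous_logins(DOM_A, "mail", DOM_B, "sAMAccountName")
    print("both on sAMAccountName:", same)
    print("DomA on mail, DomB on sAMAccountName:", mixed)
    print("shared UUIDs:", uuid_overlap(DOM_A, DOM_B))
```
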

It’s possible to have multiple connections, but I don’t think it’s widely tested, so there could be hidden issues. You probably should test it for a while.

If I remember correctly, both connections to the LDAP servers need to work. If one of them is down, ownCloud won’t work. Other than that, I don’t think there are other differences with working with only one connection.

2 Likes

I simply added the second LDAP directory and configured that it will only check a certain OU with the users that were migrated.
For now, everything is working fine :)

2 Likes
