Thanks. Appreciate the advice.

jamie

On 11 June 2014 15:10, Jason Haar <[email protected]> wrote:

> On 10/06/14 20:39, Jamie Baddeley wrote:
> >
> > Has anyone done this before? If so I'll push back on the AD admin
> > to try harder.
> >
>
> You can't do it using a single LDAP connector. AD trusts are not
> transitive across forests, so an LDAP connection to an AD domain controller
> can only authenticate users in that forest - not any other.
>
> And as you've discovered, almost every "LDAP enabled" product out there
> appears to be ignorant of that fact and only supports a single forest (they
> think domain, but it is forest). Either you can try to create an LDAP proxy
> that merges several LDAP backends into one (good luck with that, I never
> managed it), or you need to look at something besides LDAP.
>
> Owncloud supports a "webdav authentication" backend too - you could use
> that instead. Basically it takes the username and password the user types
> into the form and throws it at an HTTP backend of your choice: you could
> pass that to (say) IIS - which can do multi-forest authentication. However,
> you will lose all ability to manage users within owncloud as that backend
> doesn't have the appropriate hooks owncloud needs. You could also look at
> SAML - basically you need to move the multi-forest problem off onto a
> backend that can support it.
>
> All conjecture on my part, but one of them might work.
>
> --
> Cheers
>
> Jason Haar
> Information Security Manager, Trimble Navigation Ltd.
> Phone: +1 408 481 8171
> PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
>
> _______________________________________________
> User mailing list
> [email protected]
> http://mailman.owncloud.org/mailman/listinfo/user
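The "move the multi-forest problem onto a backend" idea from the quoted reply, sketched as an added example that is not part of the thread or of ownCloud's code: the decision logic an HTTP authentication backend could run, picking exactly one forest per login from the UPN suffix. The forest names, hosts, the suffix-to-forest mapping and the `bind` callable are assumptions; `fake_bind` is a constructed stand-in for a real LDAPS simple bind.

```python
# Added example: per-forest credential routing for an HTTP auth backend.
# Forest names, hosts and the bind callable are assumptions, not from the thread.
from typing import Callable, Dict, Optional

# Constructed sample mapping: UPN suffix -> domain controller of that forest.
FORESTS: Dict[str, str] = {
    "corp.example": "ldaps://dc1.corp.example",
    "partner.example": "ldaps://dc1.partner.example",
}

Bind = Callable[[str, str, str], bool]  # (server_url, upn, password) -> bind ok?


def pick_forest(upn: str, forests: Dict[str, str]) -> Optional[str]:
    """Return the DC URL for the forest that owns this UPN suffix, else None."""
    local, sep, suffix = upn.rpartition("@")
    if not sep or not local:
        return None  # bare usernames are ambiguous across forests
    return forests.get(suffix.lower())


def authenticate(upn: str, password: str, bind: Bind,
                 forests: Dict[str, str] = FORESTS) -> bool:
    """Verify credentials against exactly one forest; never fan out."""
    # An empty password turns an LDAP simple bind into an unauthenticated
    # bind (RFC 4513 section 5.1.2), which a server may accept. Refuse it here.
    if not password:
        return False
    server = pick_forest(upn, forests)
    if server is None:
        return False
    try:
        return bool(bind(server, upn, password))
    except Exception:
        return False  # fail closed on connection or protocol errors


def fake_bind(server: str, upn: str, password: str) -> bool:
    """Constructed stand-in for a real LDAPS simple bind, so this runs offline."""
    directory = {
        ("ldaps://dc1.corp.example", "alice@corp.example"): "s3cret",
        ("ldaps://dc1.partner.example", "bob@partner.example"): "hunter2",
    }
    return directory.get((server, upn)) == password
```

Routing on the suffix instead of trying every forest in turn keeps one bad password from counting against lockout thresholds in several forests at once.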
