Implementation has AD. The SDL Tridion CMS MMC console DOES NOT have any AD-LDAP integration (no sync or anything). Just a plain vanilla install. This means users are created in AD, then manually added in CMS and given rights/access in CME. When we add a user we just provide the Domain name in the GUI and the CMS goes and fetches all the users. Now we do not provide any configuration or reference to any AD-LDAP server anywhere for above setup. If a domain “My_Domain” has 20 AD servers then how does Tridion knows which AD to pick for this new user (part of “My_Domain”) to be added? OR if an existing user logs in then how does Tridion knows which AD server to go for look up (if there are 20 AD-LDAP servers a particular domain may have)?

active-directorytridion

Vinod Bhagat

Reputation: 481

How does Tridion CME pick specific AD-LDAP from a domain containing many AD-LDAP?

Implementation has AD. The SDL Tridion CMS MMC console DOES NOT have any AD-LDAP integration (no sync or anything). Just a plain vanilla install.
This means users are created in AD, then manually added in CMS and given rights/access in CME.
When we add a user we just provide the Domain name in the GUI and the CMS goes and fetches all the users. Now we do not provide any configuration or reference to any AD-LDAP server anywhere for above setup.
If a domain “My_Domain” has 20 AD servers then how does Tridion knows which AD to pick for this new user (part of “My_Domain”) to be added? OR if an existing user logs in then how does Tridion knows which AD server to go for look up (if there are 20 AD-LDAP servers a particular domain may have)?

Upvotes: 4

Answers (2)

Dominic Cronin

Reputation: 6191

Tridion doesn't "know" which domain to use to look up users. It simply makes use of the default domain configured for the server. In fact, to put that more clearly, it uses the Windows API to query for this information. (Actually I have no detailed knowledge of this for anything more recent than the R5 products, but it seems reasonable that this will work pretty much the same on a current release.)

So if you want to figure out how you should expect your system to behave, your best bet is to look up the relevant Microsoft documentation. For example, you can find the domain controller (or Active Directory) with NetGetDCName, and look up the users with functions like NetUserModalsGet

Upvotes: 3

Nuno Linhares

Reputation: 10234

OK, we can forget LDAP for now, since you didn't configure it. Tridion will use standard Windows authentication over NTLM/Kerberos.

The answer is that Tridion doesn't know or cares which server to use. This task is delegated to IIS, which in turn will use whatever server the Windows OS tells it to.

You're probably better off asking this question to a Windows Server group, and forgetting the Tridion part of it. When using Windows authentication Tridion will just rely on standard IIS to deal with it.

Upvotes: 5

How does Tridion CME pick specific AD-LDAP from a domain containing many AD-LDAP?

Answers (2)

Related Questions