Configuring the LDAP Service on an iControl Application Server for Multiple Domains
 

REQUIREMENTS:  

Make sure you meet the following conditions before beginning this procedure: 
You have opened the iControl—Access control page (click HERE).
You have read "Rules for Local Domains".
You have the illustration "Sample Multi-Domain Setup" available as a reference.
1. On the iControl—Access control page, in the Base Domain managed by this server field, type the name of the domain (e.g. myCompany.com) that this Application Server will manage.


2. Leave the Superior referral IP field empty.
3. Click Initialize.
 

NOTE: If this Application Server has previously been used to run an LDAP service, the button will be labelled Reinitialize.

4. Select the Run LDAP service on this Application Server check box.
System Response: As the LDAP service starts up, the iControl—admin page reloads.
5. In the Domains Managed Here section, click Add.
System Response: A window appears, prompting you to type a domain name.
6. Type the local domain name (from ), and then click OK.
System Response: The newly added local domain appears in the list under Domains Managed Here.
7. Repeat steps 5 and 6 as needed to add additional domains, which must be children of the local (base) domain (e.g. montreal.myCompany.com, winnipeg.myCompany.com, etc.).
8. In the Remote Domain Referrals section, click Add.
System Response: A window appears, prompting you to type a referral domain.
 

NOTE: You should add a referral domain if you want users to be able to access resources in the remote domain.

9. Type the referral domain name followed by the IP address of the LDAP server (i.e. Application Server) that manages that domain (e.g. ottawa.myCompany.com 10.10.20.10), and then click OK.
System Response: The newly added referral domain appears in the list under Remote Domain Referrals.
 

NOTE: There is no need to add sub-domains (e.g. operations.ottawa.myCompany.com) since the referral to a domain implicitly refers to its children.

10. Select the new referral domain name in the list, and then click Visit Admin Page.
System Response: A new window or tab (from the referral server) appears in your Web browser.
11. In the Base domain managed by this server field, type the name of this referral server’s domain (from).
12. In the Superior referral IP field, type the IP address of the Application Server you originally logged on to.


 

NOTE: The Superior referral IP is used as an alternative when the LDAP server cannot resolve the distinguished name (DN) of an entry. The Superior referral IP should point to an LDAP server that will be able to resolve the DN, such as the LDAP server that manages the parent of the base domain.

13. Click Initialize.
 

NOTE: If this Application Server has previously been used to run an LDAP service, the button will be labelled Reinitialize.

14. Select the Run LDAP service on this Application Server check box.
System Response: As the LDAP service starts up, the iControl—admin page reloads.
15. In the Domains Managed Here section, click Add.
System Response: A window appears, prompting you to type a domain name.
16. Type the local domain name (from), and then click OK.
System Response: The newly added local domain appears in the list under Domains Managed Here.
17. Repeat as needed to add additional domains.
At this point, the LDAP service is running and configured on both the local and the referral Application Servers. You should also enable Access Control on these servers if this has not already been done (click HERE).
 

NOTE: If you configured the LDAP service immediately after enabling Access Control on the Application Server, you must now restart iControl (click HERE).