LDAP and Multiple Domains (synchronisation)

I have been setting up LDAP authentication and synchronisation and we have two domains with users and groups spread among them. Authentication is not a problem as we can simply let users supply their domain, but synchronisation doesn't work effectively enough as only a subset of the users and groups will ever get updated for any domain we point TeamCity to.

Is there any way to specify multiple domains to search when synchronising users and groups?

I have labelled this "(sychronisation)" as the previous discussion of LDAP and multiple domains seemed to be resolved by not using it which was unfortunate.

3 comments
Comment actions Permalink

Hi Mark

It's not supported directly at the moment.
Do you use Microsoft Active Directory? If so, are these domains in the same forest?

0
Comment actions Permalink

Indeed, we only have one forest with two domains in it.

That said, LDAP is not looking very appealing to us either as we have to support external users which would require a custom authentication module that that tries LDAP and then somewhere else.

0
Comment actions Permalink

Hi Mark

We have this feature request in TW-4524, please vote.

In your case domains relate to the same Active Directory forest, so there are Global Catalog servers which aggregate user account data from all domains.
I didn't checked that and cannot promise this solution will work, but you could try to point TeamCity to connect GC rather than DC of specific domain.

Please let us know whether it work.

Thanks
Michael

0

Please sign in to leave a comment.