VIP Enterprise Gateway - How to configure multiple user stores across different OUs within an organization

book

Article ID: 167929

calendar_today

Updated On:

Products

VIP Enterprise Gateway

Issue/Introduction

How to configure multiple user stores across different OUs within an organization. 

Resolution

To configure multiple user stores, please use one of the following options;

Option 1: Enter a Root DN for the Base DN (If not using LDAP referrals)

Example:

DC=lc,DC=local

Option 2: Create 2 Userstore entries in VIP EG with different Base DNs

Example:

UserStore 1: OU=People,OU=Admins,DC=lc,DC=local
Userstore 2: OU=Other Group,OU=Admins,DC=lc,DC=local

Note: VIP Enterprise Gateway searches for a user in the User Stores based on the following rules:

  • To search for a user in the User Stores, VIP Enterprise Gateway follows the order in which the User Stores appear in the User Stores page. If you want to change the order of search, you can re-order the User Stores in the User Stores page.
  • The user name that is provided as part of validation is replaced with the search filter that is provided in the User Store configuration. If the search query returns exactly one record, the user bind is attempted with the password provided. If no records are found or more than one user records are returned, the user search on that User Store is skipped. VIP Enterprise Gateway continues the search for the user on the next User Store.
  • If the user name record contains domain information, the user name is only validated against the User Store that serves the specific domain. For example, domain\user name in case of Active Directory.