Home » Categories » Authentication » LDAP

Active Directory with multiple Domain Controllers via Global Catalog

When several domains are organized in different domain controllers, all records can be reached when using the Global Catalog. The advantage is that instead of having one LDAP/AD configuration for every domain controller, one connection that connects to the Global Catalog is sufficient.

 

Connect to Global Catalog

When configuring the basic information in a new LDAP Connection, specify the host without any protocol. Further specify 3268 as port number.

 

 

The further configuration does not differ from a usual LDAP/AD one.

 

Access through a single group

Depending on the use case it might be convenient to grant access to LDAP/AD users by having a central, global group that contains all the members. Typically it makes sense to make sub groups of each domain controller member of that global group. This requires the LDAP_MATCHING_RULE_IN_CHAIN to be specified in the user and login filter.
Attached Files
There are no attachments for this article.
Related Articles
Migrating to another LDAP server
How LDAP/AD password policies and external storage mounts work together
Feedback

If you have any questions or feedback on this article, do not hesitate to contact us. We are here to help you get the most out of Nextcloud.