How to connect to a specific AD Site

    Applies to:
  • SecureAuth Identity Platform
    Deployment model:
  • Cloud
  • Hybrid
    Version Affected: All

    Description:  

    When using Active Directory as a Datastore, if the domain name in the connection string doesn't match the domain that the IdP is joined to, SecureAuth performs a DNS SRV lookup for the FQDN in your connection string. That lookup can return any domain controller in the domain, so the IdP may end up connecting to DCs that sit on suboptimal network paths, for example across a WAN link in another site.

     

    Cause:  

    A SRV lookup for all LDAP servers at that FQDN (the _ldap._tcp.<domain> record) without specifying a site can return any DC in your AD domain, not just the ones closest to the IdP.

     

    Resolution:  

    Modify the Connection String so that SecureAuth connects to a local DC based on the AD site you specify. DCs in a site register a site-specific SRV record (_ldap._tcp.<SiteName>._sites.<domain>), so the lookup is restricted to that site. As long as there are multiple DCs in that site, you still have failover within the site; if the site has only one DC, this change makes that DC a single point of failure for the datastore.

     

    1. Open the SecureAuth admin console

    2. Modify the Datastore Connection string. 

    For example if your connection string is currently

    LDAP://example.com/DC=example,DC=Com

    and you wanted to connect to DCs in your site called "wood" the connection string becomes

    LDAP://wood._sites.example.com/DC=example,DC=Com

    3. Save these changes and test the connection. If the test fails, confirm that the site name is spelled exactly as it appears in Active Directory Sites and Services, and that the site-specific SRV record resolves from the IdP.
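    The procedure above as an added PowerShell example; this is not SecureAuth's code and is not part of the original article. It rewrites the connection string to the site-scoped form, checks DNS for the DCs registered in that site (warning when there is only one, since that removes in-site failover), and performs a test bind that reports which DC actually answered. The domain example.com, the site name wood and the connection string are taken from the article; the function names are this example's own. It assumes a Windows host that can resolve the AD DNS zone and bind to the domain, which in practice means running it on the IdP server with the datastore service account.

```powershell
# Added example, not SecureAuth's own code. Assumes a domain-joined Windows host
# that can resolve the AD DNS zone, e.g. the IdP server itself.
Add-Type -AssemblyName System.DirectoryServices

function ConvertTo-SiteScopedLdapPath {
    param(
        [Parameter(Mandatory)][string]$ConnectionString,  # LDAP://<domain>/<base DN>
        [Parameter(Mandatory)][string]$SiteName           # AD site name, e.g. wood
    )
    # Only a serverless path of the form LDAP://<fqdn>/<base DN> is rewritten;
    # anything else (explicit server, port, already site-scoped) is left to the admin.
    if (-not ($ConnectionString -match '^LDAP://([^/:]+)/(.+)$')) {
        throw "Unexpected connection string format: $ConnectionString"
    }
    $domain = $Matches[1]
    $baseDn = $Matches[2]
    if ($domain -like '*._sites.*') {
        throw "Connection string is already site-scoped: $ConnectionString"
    }
    return "LDAP://$SiteName._sites.$domain/$baseDn"
}

function Get-AdSiteDcs {
    param(
        [Parameter(Mandatory)][string]$Domain,
        [Parameter(Mandatory)][string]$SiteName
    )
    # DCs in a site register _ldap._tcp.<site>._sites.<domain> SRV records;
    # this is the record the site-scoped connection string relies on.
    $srvName = "_ldap._tcp.$SiteName._sites.$Domain"
    $dcs = Resolve-DnsName -Name $srvName -Type SRV -ErrorAction Stop |
        Where-Object { $_.Type -eq 'SRV' } |
        Select-Object -ExpandProperty NameTarget -Unique
    if (@($dcs).Count -lt 2) {
        Write-Warning "Site '$SiteName' has $(@($dcs).Count) DC(s) registered; there is no in-site failover."
    }
    return @($dcs)
}

function Test-LdapSiteBind {
    param([Parameter(Mandatory)][string]$LdapPath)
    # Bind with the calling identity (in production, the datastore service account)
    # and report which DC answered, so you can confirm it belongs to the site.
    $entry = New-Object System.DirectoryServices.DirectoryEntry($LdapPath)
    try {
        $entry.RefreshCache()   # forces the bind; throws on failure
        return $entry.Options.GetCurrentServerName()
    }
    finally {
        $entry.Dispose()
    }
}

$current = 'LDAP://example.com/DC=example,DC=Com'
$scoped  = ConvertTo-SiteScopedLdapPath -ConnectionString $current -SiteName 'wood'
"New connection string: $scoped"
"DCs registered in site wood: $((Get-AdSiteDcs -Domain 'example.com' -SiteName 'wood') -join ', ')"
"Bound to: $(Test-LdapSiteBind -LdapPath $scoped)"
```

    Run it before saving the new connection string in the admin console: if Get-AdSiteDcs throws, the site name or DNS is wrong and the IdP would have the same problem; if it warns about a single DC, decide whether losing in-site failover is acceptable for your deployment.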


    SecureAuth Knowledge Base Articles provide information based on specific use cases and may not apply to all appliances or configurations. Be advised that these instructions could cause harm to the environment if not followed correctly or if they do not apply to the current use case.

    Customers are responsible for their own due diligence prior to utilizing this information and agree that SecureAuth is not liable for any issues caused by misconfiguration directly or indirectly related to SecureAuth products.
