Oracle Primavera P6
https://www.oracleprimavera.ru/

Primavera: Using multiple LDAP servers.
https://www.oracleprimavera.ru/viewtopic.php?f=4&t=13

Author:  strike1984 [ 08 Aug 2011, 08:30 ]
Post subject:  Primavera: Using multiple LDAP servers.

Hello. With Primavera 8.0, when several LDAP servers are used, Primavera sees users only in the first one connected. The LDAP servers are 389 DS (2 of them) and MS AD. Is this a bug or intended behavior?

Author:  Primus [ 11 Aug 2011, 17:15 ]
Post subject:  Re: Primavera: Using multiple LDAP servers.

strike1984 wrote:
Hello. With Primavera 8.0, when several LDAP servers are used, Primavera sees users only in the first one connected. The LDAP servers are 389 DS (2 of them) and MS AD. Is this a bug or intended behavior?

By default a single LDAP server is specified, which is set in the Primavera settings. To set up a multi-domain structure, read this (I no longer remember where I got it from):
Single LDAP Domain/Multiple LDAP Domain Global Catalog configurations:

When you are using LDAP authentication with Primavera you must configure the connection settings in the Primavera Administration tool, Authentication tab.

For the case where you have users stored in 1 section/organizational unit/domain in the Active Directory, you will most likely be authenticating against a single Active Directory server where your users are stored. For this case you must specify the "Directory Server(s):" parameter to be the name or IP address of the Active Directory server, because regular LDAP lookups are sent to TCP port 389 by default. Simply enter the host name or IP address of this Active Directory server with no reference to the port number, unless you are using a non-default value. In this case the "Directory Server(s):" parameter will look like this:


12.23.45.678:888

where 12.23.45.678 is the Active Directory server and 888 is the non-default port being used.

For the case where you have users stored across multiple sections/organizational units/domains in the Active Directory, you will most likely need to authenticate against multiple Active Directory servers which are managed by the Global Catalog. In this case you need to authenticate against the Global Catalog to access all users. Why the Global Catalog? According to Microsoft:


"The global catalog is a distributed data repository that contains a searchable, partial representation of every object in every domain in a multidomain Active Directory forest. The global catalog is stored on domain controllers that have been designated as global catalog servers and is distributed through multimaster replication. Searches that are directed to the global catalog are faster because they do not involve referrals to different domain controllers.

In addition to configuration and schema directory partition replicas, every domain controller in a Windows 2000 Server or Windows Server 2003 forest stores a full, writable replica of a single domain directory partition. Therefore, a domain controller can locate only the objects in its domain. Locating an object in a different domain would require the user or application to provide the domain of the requested object.

The global catalog provides the ability to locate objects from any domain without having to know the domain name. A global catalog server is a domain controller that, in addition to its full, writable domain directory partition replica, also stores a partial, read-only replica of all other domain directory partitions in the forest. The additional domain directory partitions are partial because only a limited set of attributes is included for each object. By including only the attributes that are most used for searching, every object in every domain in even the largest forest can be represented in the database of a single global catalog server."

For this case you must specify the "Directory Server(s):" parameter to be the name or IP address of the Global Catalog server, but use 3268 for the port number, which is the default TCP port used for Global Catalog communication. In this case the "Directory Server(s):" parameter will look like this:


12.23.45.678:3268

where 12.23.45.678 is the Global Catalog server and 3268 is the port being used.

After entering these values, the Primavera application must be stopped and started for the changes to take effect. Please see the System Administrator Guide, "Authentication Options", for a complete set of instructions for using LDAP Authentication.
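
As an added example (not part of the posts above and not Primavera code), this Python helper resolves the port a single "Directory Server(s)" entry actually uses and reports whether that port searches one domain or the Global Catalog. Ports 636 and 3269, the TLS counterparts of 389 and 3268, are not mentioned in the thread and are included as an assumption about a standard Active Directory setup; the host names are constructed, and only host names or IPv4 literals are handled.

```python
from dataclasses import dataclass

# Well-known Active Directory LDAP ports -> (search scope, transport).
AD_PORTS = {
    389: ("single domain", "plain LDAP"),
    636: ("single domain", "LDAP over TLS"),
    3268: ("Global Catalog (whole forest)", "plain LDAP"),
    3269: ("Global Catalog (whole forest)", "LDAP over TLS"),
}
DEFAULT_PORT = 389  # applies when the entry names no port


@dataclass
class Endpoint:
    host: str
    port: int
    scope: str
    transport: str


def parse_directory_server(entry: str) -> Endpoint:
    """Parse one 'host' or 'host:port' entry and classify its effective port."""
    entry = entry.strip()
    host, sep, port_text = entry.rpartition(":")
    if not sep:  # no colon: the whole entry is the host
        host, port = entry, DEFAULT_PORT
    elif port_text.isdigit() and 1 <= int(port_text) <= 65535:
        port = int(port_text)
    else:
        raise ValueError(f"bad port in {entry!r}")
    if not host:
        raise ValueError(f"missing host in {entry!r}")
    scope, transport = AD_PORTS.get(port, ("unknown (non-default port)", "unknown"))
    return Endpoint(host, port, scope, transport)


if __name__ == "__main__":
    # Constructed sample entries; the host names are placeholders.
    for sample in ("dc01.corp.example", "gc01.corp.example:3268", "12.23.45.678:888"):
        ep = parse_directory_server(sample)
        print(f"{sample:26} -> port {ep.port}: {ep.scope}, {ep.transport}")
```

An entry that resolves to 389 or 3268 carries simple-bind credentials without TLS, which is worth checking before pointing an application at it.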

Time zone: UTC + 6 hours