Authenticating Against Multiple LDAP Domains

PPM can authenticate against multiple domains during LDAP authentication. To configure this feature, add the server configuration parameter LDAP_URL_FULL to the server.conf file.

The value of the LDAP_URL_FULL parameter is a space-delimited (not comma-delimited) list of full LDAP URLs. Each LDAP URL must specify a base distinguished name (DN), which is used in place of the LDAP_BASE_DN server configuration parameter.

Example of how to set the LDAP_URL_FULL parameter:

com.kintana.core.server.LDAP_URL_FULL=ldap://<Host>.<Your_Domain>.com/CN=Users,DC=<Your_Domain>,DC=com ldap://<Host>.<Your_Domain>.com/OU=Users2,DC=<Your_Domain>,DC=com

Disabling the LDAP_URL parameter

If you add the LDAP_URL_FULL parameter to the server.conf file, make sure that you comment out the LDAP_URL parameter. The LDAP_URL parameter supersedes the LDAP_URL_FULL parameter so that, if both are specified in the server.conf file, PPM uses the value set for LDAP_URL.

If the URLs provided for LDAP_URL_FULL do not have a DN value, PPM uses the value set for LDAP_BASE_DN.

Note: To specify a space character inside a URL, use URL encoding and replace the space with %20. For example, if you have an organizational unit called My Org Unit, specify My%20Org%20Unit in the LDAP URL.
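
The rules above (space-delimited URLs, LDAP_URL superseding LDAP_URL_FULL, the LDAP_BASE_DN fallback, and %20 for spaces) can be checked mechanically. The following Python script is an added example, not part of PPM. It assumes that # starts a comment line in server.conf and that parameters may carry the com.kintana.core.server. prefix shown above; the function names and host names are constructed for illustration.

```python
from urllib.parse import unquote, urlparse

PREFIX = "com.kintana.core.server."  # prefix used in the page's example

# Constructed sample, not a real server.conf: LDAP_URL is still active and
# the third URL contains unencoded spaces.
SAMPLE_CONF = """\
com.kintana.core.server.LDAP_URL=ldap://dc1.example.com
com.kintana.core.server.LDAP_URL_FULL=ldap://dc1.example.com/CN=Users,DC=example,DC=com ldap://dc2.example.com/OU=My%20Org%20Unit,DC=example,DC=com ldap://dc3.example.com/OU=My Org Unit,DC=example,DC=com
"""

def active_params(conf_text):
    """Map name -> value for uncommented lines (assumption: '#' starts a comment)."""
    params = {}
    for line in conf_text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)  # DNs contain '=', split only once
            params[key.strip().removeprefix(PREFIX)] = value.strip()
    return params

def check_ldap_config(conf_text):
    """Return (findings, base_dns): problems found and the decoded base DN per URL."""
    params = active_params(conf_text)
    findings, base_dns = [], []
    if "LDAP_URL_FULL" not in params:
        return ["LDAP_URL_FULL is not set"], base_dns
    if "LDAP_URL" in params:
        findings.append("LDAP_URL is active and supersedes LDAP_URL_FULL; comment it out")
    for token in params["LDAP_URL_FULL"].split():
        if ",ldap://" in token or ",ldaps://" in token:
            findings.append(f"comma-delimited URLs, use spaces: {token}")
        # ldaps:// is accepted here as an assumption; the page shows only ldap://
        elif not token.startswith(("ldap://", "ldaps://")):
            findings.append(f"stray token, likely an unencoded space (use %20): {token}")
        else:
            dn = unquote(urlparse(token).path.lstrip("/")) or params.get("LDAP_BASE_DN", "")
            if dn:
                base_dns.append(dn)  # a DN cut short by a space still lands here
            else:
                findings.append(f"no DN in URL and LDAP_BASE_DN is not set: {token}")
    return findings, base_dns

if __name__ == "__main__":
    findings, base_dns = check_ldap_config(SAMPLE_CONF)
    for dn in base_dns:
        print("base DN:", dn)
    for finding in findings:
        print("FINDING:", finding)
```

In the sample, the unencoded spaces cut the third URL's DN down to OU=My, and the remaining words are reported as stray tokens.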

For more information about server parameters related to LDAP integration, see LDAP Attribute Parameters.