New case;
edir SSO not working 100%.
Scenario;
Customer have 8 offices,
each office 1 Astaro.
each office 1 (or more) Netware/eDir servers
So far so good; users at each office get SSO
trough their local/nearest Netware6.5 server on which they are
logged in to.
But, now, at their HQ, customer have added another office very close
to the main/HQ. This office is connected directly through a fiber
and into the HQ's Astaro through 1 NIC.
And, here's the issue;
This new office is using the same Astaro as HQ
but, they login in to their own/local Netware 6.5 server.
Same tree as HQ and also, they have mapping's to the main/HQ edir server.
But,, this does NOT work.
In Astaro, you define edir server and you define SSO-server.
This can ONLY be one obviously even though it's possible to enter more than one. the SSO definition only works towards 1 single server.
So, users from new/office can't use SSO since they do NOT have HQ's server as their login-server for edir. They ARE connected and logged in to the same EDIR and have access to both that server and their own local server.
But, SSO fail's.
If I instead chance the login for all users in office 2 to be toward's HQ's server and then attach/map their "stuff" towards the local server, it works.
But, I see this as a design-flaw of sorts.
1. If user have their own/local server as primary login server,
they ARE still logged into the same tree AND have the same access
to the initial/HQ's server but Astaro/SSO do NOT work.
2. even if it's possible to add more than one edir server in "servers",
any configuration of SSO is still ONLY done towards 1 SSO server.
So, in a tree were users might be "split up" between different servers for either performance or other purposes, there's no way getting SSO to work if they dont ALL login into the same/single server.
This thread was automatically locked due to age.
