Multiple domains and directory servers

In several scenarios, it is relevant to set up multiple connectors:

The common denominator between these scenarios is that user information is potentially fetched from different sources (different directory servers).

Only one connector should serve as group graph builder, even if you have multiple directory servers. If you use more than one, you must make sure that all directory servers have the exact same structure to represent all groups that are related to DME_User. This can easily be done within one enterprise, but in case you are working with multiple companies, you cannot easily enforce the same naming convention for all groups.

In that latter case, for multiple companies (domains), you can build a group graph if you have one central LDAP for all companies (such as Hosted Exchange).

When you have distributed LDAP servers, there are two ways to ensure that users are authenticated correctly:

  1. Create a DME_User group in each LDAP, and add users to them (group nesting is not supported).

    or

  2. Manually specify which users are serviced by a specific connector. This is of course only feasible and manageable for testing and for companies with a very limited number of users (see also the section Connector routing below).

In this section

Connector broadcasting

Connector routing

Multiple AD domains

Next topic

Connector broadcasting