Comments on: Easier Microsoft Active Directory Connectivity in OpenSSO Express 8

By: Pat Patterson

Pat Patterson — Thu, 12 Nov 2009 21:16:12 +0000

Hi Robert – I’m no longer working on OpenSSO (I left Sun a couple of months ago now), but I’ll pass your comment on to the OpenSSO team. Thanks!

By: Robert Kelly

Robert Kelly — Thu, 12 Nov 2009 20:22:44 +0000

Hi Pat,
I had a slight issue with the new feature.
We have multiple AD Sites and it picked a server in a remote site vs. a local one.

Before the LDAP lookup, a Site lookup should really be performed, probably based on the subnet the server is in and then finding out which LDAP servers are in that site.
In a domain with multiple Sites, you could end up configuring an AD connection to a server in a remote site over a potentially slow link vs. your local servers.

By: Pat Patterson

Pat Patterson — Mon, 21 Sep 2009 03:05:29 +0000

Hi hzhao, Yes, you can still specify AD hostname and port if you want to.

By: hzhao

hzhao — Mon, 21 Sep 2009 02:01:04 +0000

hi, pat. can I still specify the host and port to connect to AD?
actually, in my environment, the data store is ADAM not AD, but the schemas are identical to AD.

By: Pat Patterson

Pat Patterson — Wed, 16 Sep 2009 02:23:28 +0000

Hi Jonathan - you specify a *domain*, not an individual domain controller. I guess if you have the inter-domain trusts set up correctly in the forest, then it will all work...

By: Jonathan G.

Jonathan G. — Wed, 16 Sep 2009 00:18:51 +0000

Can I specify an AD forest, rather than DomainController, or can I not see the forest for the (LDAP) trees?