Multi-Domain Deployment Scenarios

Overview

In order to provide personalized services and controlled access to private information, organizations increasingly deploy new applications that must access and leverage existing data, such as customer profiles and user authentication information.

Today, most large companies rely on directories for user management. To manage employees at multiple sites worldwide, such companies may run several LDAP servers, each with a separate user database.

One solution is to use a meta-directory to join many data sources into a single directory. However, this is not feasible in every environment. This section outlines two specific cases that describe how the AAA Server can be integrated in an environment that includes several Active Directory domains.

This section explores two scenarios:

About Active Directory

Active Directory provides ways to store replicas of different domains. A global catalog may hold a replica of every object in Active Directory, but with a limited number of each object's attributes. The global catalog stores those attributes most frequently used in search operations (such as a user's first and last names) and those attributes required to locate a full replica of the object. The Active Directory replication system builds the global catalog automatically. This allows users and administrators to find directory information regardless of which domain in the directory actually contains the data.
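
A global catalog entry carries the object's distinguished name, and the trailing DC components of that name identify the domain holding the full replica. As an added example (not part of the AAA Server or its documentation), the Python code below routes a DN returned by a global catalog search to the LDAP server of the user's home domain; the host names and the DOMAIN_SERVERS map are constructed assumptions.

```python
# Constructed sample: domain DNS name -> LDAP URL of a domain controller
# holding the full replica of that domain (hypothetical hosts).
DOMAIN_SERVERS = {
    "emea.example.com": "ldaps://dc1.emea.example.com:636",
    "us.example.com": "ldaps://dc1.us.example.com:636",
}

def split_rdns(dn):
    """Split a DN on commas that are not backslash-escaped (RFC 4514)."""
    rdns, cur, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            cur.append(dn[i:i + 2])  # keep the escape pair intact
            i += 2
            continue
        if ch == ",":
            rdns.append("".join(cur).strip())
            cur = []
        else:
            cur.append(ch)
        i += 1
    rdns.append("".join(cur).strip())
    return rdns

def domain_of(dn):
    """Build the DNS domain name from the DN's trailing DC= components."""
    labels = []
    for rdn in reversed(split_rdns(dn)):
        attr, _, value = rdn.partition("=")
        if attr.strip().upper() != "DC":
            break  # stop at the first non-DC component from the right
        labels.insert(0, value.strip().lower())
    if not labels:
        raise ValueError("DN has no DC components: %r" % dn)
    return ".".join(labels)

def server_for(dn):
    """Pick the server for the user's home domain; fail closed if unknown."""
    domain = domain_of(dn)
    if domain not in DOMAIN_SERVERS:
        raise LookupError("no server configured for domain %s" % domain)
    return DOMAIN_SERVERS[domain]
```

Splitting on every comma would misread a name containing an escaped comma followed by `DC=` as an extra domain label, so the escape-aware split matters for choosing the correct server.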

Active Directory also automatically establishes transitive bi-directional trust relationships between domains created in the same forest. For further information concerning AAA Server interaction with LDAP directories, see LDAP Directory.