Welcome to the Inedo Forums! Check out the Forums Guide for help getting started.
If you are experiencing any issues with the forum software, please visit the Contact Form on our website and let us know!
Safe Transition From LDAP to AD
-
We launched ProGet within one division of our company via LDAP. It is working well, but we acquired and we are now struggling to add other users using a different domain. The users have been mapped to the AD group (via GALSync) we created for ProGet. However, their credentials are not being accepted within ProGet.
We are considering moving from LDAP to AD since our current configuration doesn't appear to be working. However, we are concerned about the potential disruption this change may impose. I've seen a couple of Q&A entries that resulted in some difficulties and cases where your developers needed to send some C# code.
Questions:
- Is there guidance on proper configuration with multiple mapped domains using LDAP or is AD required?
- Is there guidance on the prep or process required to navigate from LDAP to AD?
- Do the items above require us to be on a specific (newer) version of ProGet?
Thanks,
Christian
Product: ProGet
Version: 3.8.6
-
You can fairly easily switch directory providers, so you could just try that and see if it works. A lot of organizations will have a dedicated ProGet test instance (note this requires a separate server license) to test upgrades and major configuration changes.
For most organizations, both LDAP and the Multi-domain configuration "just work". So long as service account running the ProGet web application has the appropriate permissions to query, and the domains are set for proper trust, then users will be retreived as expected.
But for some, it doesn't, and the only way to find out why is to do a detailed analysis using our code. 90% of the time it's a domain configuration problem. But there's no easy way to identify it because the AD libraries do not tell us why certain users or their groups are not returned in a query.