Product Documentation

Configuring LDAP Group Extraction for Multiple Domains

Feb 27, 2014

If you have multiple domains for authentication and are using StoreFront or the Web Interface, you can configure NetScaler Gateway to use group extraction to send the correct domain name to the Web Interface.

In Active Directory, you need to create a group for each domain in your network. After you create the group, you add users that belong to the group and specified domain. After the groups are configured in Active Directory, you configure LDAP group extraction for multiple domains on NetScaler Gateway.

To configure NetScaler Gateway for group extraction for multiple domains, you need to create the same number of session and authentication polices as the number of domains in your network. For example, you have two domains, named Sampa and Child. Each domain receives one session policy and one authentication policy.

After creating the policies, you create groups on NetScaler Gateway, and you bind the session policies to the group. Then, you bind the authentication policies to a virtual server.

If you deploy StoreFront in multiple domains, there must be a trust relationship between domains.

If you deploy App Controller or the Web Interface in multiple domains, the domains do not need to trust each other.