Multiple AD Domains Multiple Sites

Eddie_Kerr · December 17, 2008, 10:13am

i have an odd situation for some but someone might know,

my situation is a closed network where i fully administer AD and DNS and no internet connectivity is required.

i will break this down as best i can and see where we go from there,

i have four domains all on seperate subnets

IOS002.dii-id.local - 25.93.2.0/26

IOS003.dii-id.local - 25.93.3.0/26

IOS004.dii-id.local - 25.93.4.0/26

IOS005.dii-id.local - 25.93.5.0/26

linked together by means of a cisco router/network design

they are all individually managed by enterprise admins at each location, i use smtp connectors for inter-domain mail with microsoft exchange

we would like to have 4 openfire servers, 1 being at each location, now from what i have researched i can see that openfire is not able at the moment to achieve multiple domains, but from what i believe and have pieced from my research before asking this, i could possibly work around this,

i cant for the life of me remember the name of the piece of software im using but i found it at the start of my research here and its a bit like MIIS - Microsoft Integrated Identity Server, which is what we use to replicate a common global address list, its freeware but allows me to add a database and add all 4 domains together so when i connect the openfire to it, it would add all the users who are all role identical over the four locations but are seperated by means of a site tri-gram, e.g. ZIA_LanManager, ZIB_LanManager, ZIC_LanManager and so on,

now i have given the background/setup i think im ready to lead myself down the guarden path to where you tell me…nope aint achiveable mate !!!

my thought was if i take the 4 servers who’s host machine is a member of each individual AD domain and create a common IM Domain inside openfire,for example IOSIM and pull the AD from the single LDAP that holds all 4 seperate domains so that the users would end up as e.g. ZIA_LanManager@IOSIM, ZIB_LanManager@IOSIM.

can clustering over differnet subnets over a 2MB Wan Link occur so that its a common base of users, on a single openfire domain be able to have the same function or near as it can be as if it were clustered on a Lan

i have had done alot of reasearch into this before but being new to the openfire/im scene i am looking to you guys as the SME’s to Nurture me.

i thankyou in advance for any constructive help that you can give and if needs be point/bend/ammend my plan to achieve my goal,

finally, i will be using the spark client (doubt it will matter but its all i have forgot to mention).

all the best,

and agian TIA

Eddie.

JPalmer · December 17, 2008, 12:35pm

If I am reading the request correctly we had the same issue (multiple domains). I got around this by creating a universal group and putting any user(s) that I wanted to have access to IM in that group. In the same OU I also put the groups that I wanted published. Here are the filters that I used if you are interested:

Search Filter

(&(objectCategory=Person)(memberOf=CN=IM Users,OU=IM Access,OU=Universal OUs,DC=domain1,DC=root,DC=net)(sAMAccountName={0}))

Group Filter:

(&(objectClass=group)(memberOf=CN=IM Groups,OU=IM Access,OU=Universal OUs,DC=domain1,DC=root,DC=net))

NO_MESSAGES_OR_FRIEN · December 17, 2008, 1:45pm

If you have a unified AD forrest (all users are on a domain controller) then you should be able to do this with relative ease. You would only need one openfire server, with access to the internet (I know you said that is not used) or at least a name that resolves at all locations. Bind the top of the forrest to the baseDN and use filters to limit users.

Eddie_Kerr · December 17, 2008, 6:25pm

thanks for your very positive answers, i still have something thats bugging me, i still need to have 4 servers that can talk to each other so that if one server is down at anytime then the others can carry on.