Change LDAP string to use a specific Domain Controller server

  • 15 February 2022
  • 0 replies
  • 642 views

Userlevel 5
Badge +20
 

Change LDAP string to use a specific Domain Controller server

kbt132030

PRODUCT
K2 Five
K2 blackpearl
BASED ON
K2 Five (all)
TAGS
Active Directory
Management Console
This article was created in response to a support issue logged with K2. The content may include typographical errors and may be revised at any time without notice. This article is not considered official documentation for K2 software and is provided "as is" with no warranties.

Objective

This KB describes how to force the K2 server to use a specific Domain Controller

Before You Begin

 

You will have to modify the LDAP string to use the Domain Controller you want to use, as described in this article:
https://serverfault.com/questions/130543/how-can-i-figure-out-my-ldap-connection-string

You can also make sure the K2 Server is able to reach the Domain Controller using the "nltest" command, as per this article:
http://mikerodionov.com/2016/02/ad-ds-infrastructure-failures-and-k2/

 

Build the string as follows:

LDAP://DC1.domain.com/DC=DOMAIN,DC=COM

 Where DC1.domain.com is the domain controller, that needs to be used.

Note that if this domain controller becomes unavailable, K2 functionality will be impacted. Especially in older versions, K2 might not work at all.

How-to Steps

Go to K2 Management then browse to your Users > K2 > Domains where you should see all your registered domains with their respective LDAP:// or GC:// strings.

Edit the LDAP:// or GC:// strings there to only use one Domain Controller as per the above.

If there is only one domain registered then this LDAP string can not be edited, therefore you will have to make changes directly in the K2 database. Please log a support ticket to get help with modifying the XML in the RoleInit column for the "K2" Security Label in the [HostServer].[SecurityLabel] table.

Please restart your K2 Service for the changes to take effect.


0 replies

Be the first to reply!

Reply