Error: "LDAP user domain" when adding Secondary LDAP server

Description

If you have a Primary LDAP server (x.x.x.x) set up on the SonicWall with the domain mycompany.com, and you try to add a Secondary LDAP server (y.y.y.y) with the same domain, mycompany.com, you get the following error:

"Error: LDAP user domain: Domain mycompany.com on server y.y.y.y is already set on server x.x.x.x."


Cause

Users often mistake the term "Secondary LDAP server" for a backup server for the same domain as the one on the Primary LDAP server. That is not the case: secondary LDAP servers are for domains other than the Primary LDAP domain.

To add an LDAP server on SonicWall, follow the link: How to integrate LDAP/Active Directory user authentication?

Resolution for SonicOS 7.X

This release includes significant user interface changes and many new features that are different from the SonicOS 6.5 and earlier firmware. The below resolution is for customers using SonicOS 7.X firmware.

To add a Secondary LDAP server with a different domain, follow the same procedure as mentioned in the link above, with a few changes:

  • Navigate to LDAP Server | Settings > Role and select the radio button "Secondary LDAP server" instead of "Primary LDAP Server" as mentioned in the link.
  • Enter the Domain name.
  • List the domain under Directory > Trees.
  • Navigate to Configure LDAP | Referrals and enable the option "Allow Referrals".

    CAUTION: This will work if both LDAP servers refer to separate domains, where both servers will work together with Authentication Partitioning. If you enter the same domain and select the Role "Secondary LDAP server", it will give the error "Error: LDAP user domain: Domain mycompany.com on server y.y.y.y is already set on server x.x.x.x."

To add a Secondary LDAP server with the same domain as the Primary Server, follow the same procedure as mentioned in the link above, with a few changes:

  • Navigate to LDAP Server | Settings > Role and select the radio button "Backup/Replica Server" instead of "Primary LDAP Server" as mentioned in the link.
  • Navigate to Configure LDAP | Referrals and enable the option "Allow Referrals".

Resolution for SonicOS 6.5

This release includes significant user interface changes and many new features that are different from the SonicOS 6.2 and earlier firmware. The below resolution is for customers using SonicOS 6.5 firmware.

To add a Secondary LDAP server with a different domain, follow the same procedure as mentioned in the link above, with a few changes:

  • Navigate to LDAP Server | Settings > Role and select the radio button "Secondary LDAP server" instead of "Primary LDAP Server" as mentioned in the link.
  • Enter the Domain name.
  • List the domain under Directory > Trees.
  • Navigate to Configure LDAP | Referrals and enable the option "Allow Referrals".

    CAUTION: This will work if both LDAP servers refer to separate domains, where both servers will work together with Authentication Partitioning. If you enter the same domain and select the Role "Secondary LDAP server", it will give the error "Error: LDAP user domain: Domain mycompany.com on server y.y.y.y is already set on server x.x.x.x."


To add a Secondary LDAP server with the same domain as the Primary Server, follow the same procedure as mentioned in the link above, with a few changes:

  • Navigate to LDAP Server | Settings > Role and select the radio button "Backup/Replica Server" instead of "Primary LDAP Server" as mentioned in the link.
  • Navigate to Configure LDAP | Referrals and enable the option "Allow Referrals".
