Skip to main content

 

Documentation & User Guides | FotoWare

Suppressing LDAP queries during AD lookup

 

In very complex domain setups you may experience that the user lookup during login to FotoWeb times out before the user can be located, making it impossible to log in.

To this end, it is possible to control which parts of the domain FotoWeb queries during login by adding the undesired parts of the domain to a blacklist that will not be queried. The blacklist is managed in the FotoWeb site settings in the Operations Center: go to the Settings tab, expand the Services node and choose the Directory Server node.

This page lets you configure the AD setup used by the FotoWeb site. Click on the Manage Domain Blacklist button to define the areas of the domain that should be exempt from lookups.

Example

Note: Entries are added using .

The blacklist contains regular expressions (Wikipedia, external link) that are matched against LDAP distinguished names (DN).

An LDAP DN looks like this:

CN=ACME Promotion Team,OU=Sales,OU=Germany,DC=bestacmesales,DC=com

 

A regex that blocks lookup of anyone in the “Sales” organizational unit will look like this:

.*,OU=Sales,OU=Germany,DC=bestacmesales,DC=com

With this entry in the black list, groups in “Sales” are invisible to FotoWeb, which is OK as long as none of these groups have been imported into FotoWeb. Since these lookups are not being made, login can be faster.