Suppressing LDAP queries during AD lookup

Last updated
Save as PDF
Share
1. Share
2. Tweet
3. Share

Applies to:FotoWare 8.0 Feature Release 4

In very complex domain setups you may experience that the user lookup during login to FotoWeb times out before the user can be located, making it impossible to log in.

To this end, it is possible to control which parts of the domain FotoWeb queries during login by adding the undesired parts of the domain to an exclusion list that will not be queried. The exclusion list is managed in the FotoWeb site settings in the Operations Center: go to the Settings tab, expand the Services node and choose the Directory Server node.

This page lets you configure the AD setup used by the FotoWeb site. Click on the Manage Exclusion list button to define the areas of the domain that should be exempt from lookups.

Example

Note: Entries are added using .

The exclusion list contains regular expressions (Wikipedia, external link) that are matched against LDAP distinguished names (DN).

An LDAP DN looks like this:

CN=ACME Promotion Team,OU=Sales,OU=Germany,DC=bestacmesales,DC=com

A regex that blocks lookup of anyone in the “Sales” organizational unit will look like this:

.*,OU=Sales,OU=Germany,DC=bestacmesales,DC=com

With this entry in the exclusion list, groups in “Sales” are invisible to FotoWeb, which is OK as long as none of these groups have been imported into FotoWeb. Since these lookups are not being made, login can be faster.