Microsoft Sharepoint Solutions

Although more recent versions of Microsoft Sharepoint are capable of functioning in a multi-forest environment, complex Active Directory trust relationships will need to be configured and these will need to be integrated with Office and other Sharepoint-aware applications. There are also a number of related issues that arise in a Microsoft Sharepoint deployment where multiple Active Directory instances are being used, including problems with permissions and alerting.
Many enterprises have multiple Active Directory forests that do not have trust relationships configured, as it is often sensible from a security point of view to keep forests separated or isolated. Nonetheless, Microsoft Sharepoint deployments frequently need to be accessible to users across the enterprise, regardless of the domains that they belong to, in order to collaborate seamlessly with each other.
These problems are more pronounced when deploying a Microsoft Sharepoint server within a DMZ that should be accessible to both external and internal users; here, the issues with trust relationships become even more apparent.
To avoid overly complex configurations, and the requirement to form trust relationships that you do not necessarily want within your architecture, you may seek a solution that applies a logical layer between your Active Directory instances and Sharepoint Server. This layer would need to consolidate user data from all Active Directory instances and should route the authentication requests to the appropriate domain.
Symlabs LDAP Proxy can be configured to provide an ideal solution to the issues presented above. Symlabs LDAP Proxy is capable of acting as a single point of access to multiple Active Directory instances. By using the included plugins, Symlabs LDAP Proxy is able to offer a unified view of the data distributed across different domains regardless of the trust relationships that have been configured between domains.
A deployment like this is also capable of handling authentication requests by routing each bind request to the appropriate Active Directory server based on the domain information within the request. Once authenticated, a user will be able to access the resources available within Microsoft Sharepoint according to the permissions set for that user within the user's domain profile.
Symlabs LDAP Proxy may also be configured to provide additional functionality that may help to improve security, by using additional bundled plugins to log all interactions with backend Active Directory instances for auditing purposes. Furthermore, granular filtering controls can be configured to limit access by IP address or network or even by the credentials used for authentication. This sort of functionality may prove particularly useful in DMZ deployments.
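The routing and source-address filtering decisions described above can be sketched as follows. This is an added example, not Symlabs code or configuration: the function names, domains, backend URLs and networks are constructed placeholders, and the decision fails closed when the bind domain is unknown.

```python
import ipaddress
import re

# Constructed placeholders: DNS domain -> backend Active Directory server.
BACKENDS = {
    "corp.example.com": "ldaps://dc1.corp.example.com:636",
    "partners.example.net": "ldaps://dc1.partners.example.net:636",
}
# Constructed NetBIOS-style short names mapped to DNS domain names.
NETBIOS = {"CORP": "corp.example.com", "PARTNERS": "partners.example.net"}
# Constructed source networks allowed to reach the proxy.
ALLOWED_NETS = [ipaddress.ip_network("10.20.0.0/16"),
                ipaddress.ip_network("192.0.2.0/24")]


def domain_of(bind_identity):
    """Return the DNS domain named in a bind identity, or None."""
    ident = bind_identity.strip()
    if "=" in ident:
        # Distinguished name: join the DC= components in order.
        dcs = re.findall(r"(?:^|,)\s*dc=([^,]+)", ident, flags=re.I)
        return ".".join(d.strip().lower() for d in dcs) or None
    if "\\" in ident:
        # Down-level logon name: short domain, backslash, user.
        short, _, user = ident.partition("\\")
        return NETBIOS.get(short.upper()) if user else None
    if ident.count("@") == 1:
        # User principal name: user@domain.
        user, _, dom = ident.partition("@")
        return dom.lower() if user and dom else None
    return None  # anonymous or unrecognised form


def route_bind(bind_identity, client_ip):
    """Return the backend URL for a bind, or raise PermissionError."""
    addr = ipaddress.ip_address(client_ip)
    if not any(addr in net for net in ALLOWED_NETS):
        raise PermissionError("source address not allowed")
    backend = BACKENDS.get(domain_of(bind_identity) or "")
    if backend is None:
        # Fail closed: never fall back to a default directory.
        raise PermissionError("no backend for bind domain")
    return backend
```

The credentials themselves are still verified by the selected Active Directory server; the routing step only chooses where the bind is sent.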
Please see our tutorial on using Symlabs Virtual Directory Server to integrate Sharepoint with multiple Active Directory instances.
Microsoft Office SharePoint Server facilitates collaboration, provides content management features, implements business processes, and supplies access to information that is essential to organizational goals and processes. Sharepoint Server is integrated with Microsoft Office products.
On-the-fly modifications can be made to the requests and responses that move between Sharepoint and Active Directory instances, in order to finesse possible data inconsistencies between Directory instances if required.
Finally, load balancing and failover mechanisms can be activated to take advantage of redundant Active Directory instances, offering improved performance and high availability.
- Avoids the configuration of complex trust relationships across forests
- Easy to integrate additional Active Directory instances
- Appropriate request routing based on domain information
- Built-in security controls
- Possibility to modify requests and responses to finesse data inconsistencies
- Optional load balancing or failover options for improved performance and availability