You can configure the authentication mechanism for site-aware selection of a local directory by setting the LdapServerName property to a site name in DNS SRV RR format, for example:

```xml
<Mechanism Name="ldap">
    <MechanismProperties
        MechanismEnabled="yes"
        AuthorizationSupported="no"
        ...
        LdapClientMechanism="simple"
        LdapServerName="_ldap._tcp.SantaDominDiv._sites.domain1.com"
        ...
    />
</Mechanism>
```

| Configuration Option | Description |
|---|---|
| `<Mechanism Name="ldap">` | Site awareness requires directory authentication of the user, using the LDAP mechanism. |
| `MechanismEnabled="yes"` | The LDAP mechanism must be enabled. |
| `AuthorizationSupported="no"` | Site awareness functions whether or not the directory authorizes the user. |
| `LdapClientMechanism="simple"` | The example is for a system using simple binding. |
| `LdapServerName="_ldap._tcp.SantaDominDiv._sites.domain1.com"` | This setting requires a DNS SRV RR formatted site name, which identifies the local site directories available to authenticate the user. |

In addition to performing the TDGSS configuration shown, you must also manually configure the site-aware SRV RRs in a “foreign” DNS service, that is, when the DNS service for the domain in which the database resides is not the one where Active Directory registers its site-aware DNS SRV RRs.
For DNS SRV RR configuration instructions, see LdapServerName.
When you configure the LdapServerName property for site awareness, the authenticating mechanism selects a directory at random from among the available local directories for the site.
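
After manually adding site-aware SRV RRs to a foreign DNS service, it helps to confirm that the name in LdapServerName has the site-aware form and that every returned target is a directory host you expect, since any listed host may be the one selected. The following check is an added example, not part of the original documentation; the function names are hypothetical, and the `dc1`/`dc2` hosts and the `dig +short SRV` output are constructed sample data.

```python
import re

# Site-aware form used on this page: _ldap._tcp.<site>._sites.<domain>
SITE_SRV = re.compile(
    r"^_ldap\._tcp\.(?P<site>[A-Za-z0-9-]+)\._sites\.(?P<domain>[A-Za-z0-9.-]+)$")

def parse_site_name(ldap_server_name):
    """Split an LdapServerName value into (site, domain); None if not site-aware."""
    m = SITE_SRV.match(ldap_server_name.rstrip("."))
    return (m.group("site"), m.group("domain")) if m else None

def parse_srv_answers(dig_short_output):
    """Parse `dig +short SRV <name>` lines: 'priority weight port target'."""
    records = []
    for line in dig_short_output.splitlines():
        parts = line.split()
        if len(parts) != 4 or not all(p.isdigit() for p in parts[:3]):
            continue  # skip blank lines and anything that is not an SRV answer
        records.append({"priority": int(parts[0]), "weight": int(parts[1]),
                        "port": int(parts[2]), "target": parts[3].rstrip(".").lower()})
    return records

def check_site_records(ldap_server_name, dig_short_output):
    """Return a list of problems; an empty list means the records look usable."""
    parsed = parse_site_name(ldap_server_name)
    if parsed is None:
        return ["LdapServerName is not in _ldap._tcp.<site>._sites.<domain> form"]
    domain = parsed[1].lower()
    records = parse_srv_answers(dig_short_output)
    problems = [] if records else ["no SRV records returned for " + ldap_server_name]
    for r in records:
        t = r["target"]
        if t == "":  # RFC 2782: a target of "." means the service is not available
            problems.append("SRV target '.' means the service is not offered")
        elif t != domain and not t.endswith("." + domain):
            problems.append(t + " is outside domain " + domain + "; review before use")
    return problems

# Constructed sample: the page's example name and answers a DNS service might return.
NAME = "_ldap._tcp.SantaDominDiv._sites.domain1.com"
SAMPLE = "0 100 389 dc1.domain1.com.\n0 100 389 dc2.domain1.com.\n"

if __name__ == "__main__":
    print(parse_site_name(NAME))
    print(check_site_records(NAME, SAMPLE) or "records look usable")
```

Feed it the output of `dig +short SRV` for the configured name, queried against the DNS service the database host actually uses.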