The following example shows the configuration of the three directory services in the <LdapConfig> section of the TdgssUserConfigFile.xml
The basic configuration structure required for defining security policies may have already been set up as part of configuring LDAP authentication using multiple directory services. See Configuring LDAP to Use Multiple Directory Services.
<LdapConfig>
<Tls .../>
<Services>
<Service
Id="hrsvc"
LdapServerName="_ldap._tcp.hr.domain.com"
LdapBaseFQDN="dc=hr,dc=domain,dc=com"
LdapServiceFQDN="uid=dbcsvc,ou=services,dc=hr,dc=domain, dc=com"
LdapServicePassword="secret"
.../>
<Service
Id="devsvc"
LdapServerName="_ldap._tcp.dev.domain.com"
LdapBaseFQDN="dc=dev,dc=domain,dc=com"
LdapServiceFQDN="uid=dbcsvc,ou=services,dc=dev,dc=domain, dc=com"
LdapServicePassword="secret"
.../>
<Service
Id="mktsvc"
LdapServerName="_ldap._tcp.mkt.domain.com"
LdapBaseFQDN="dc=mkt,dc=domain,dc=com"
LdapServiceFQDN="uid=dbcsvc,ou=services,dc=mkt,dc=domain, dc=com"
LdapServicePassword="secret"
.../>
</Services>
<Canonicalizations>
<IdentitySearch
Ref="hrsvc"
Match="hr_(.+)"
Base="dc=hr,dc=domain,dc=com"
Filter="(uid=${1})"
Scope="subtree"
DatabaseName="${1}"/>
<IdentitySearch
Ref="devsvc"
Match="dev_(.+)"
Base="dc=dev,dc=domain,dc=com"
Filter="(uid=${1})"
Scope="subtree"
DatabaseName="${1}"/>
<IdentitySearch
Ref="mktsvc"
Match="mkt_(.+)"
Base="dc=mkt,dc=domain,dc=com"
Filter="(uid=${1})"
Scope="subtree"
DatabaseName="${1}"/>
</Canonicalizations>
</LdapConfig>