[jcifs] JCIFS for Multiple Domains

Merlin Beedell merlin_b_wizard at hotmail.co.uk
Thu Nov 9 13:21:11 GMT 2006

The product can connect to a mix of trusted and completely separate 
Directory domains.  Where, for example, we have a single system used at an 
ISP, with 5 or so separate companies-worth of employees attaching - then 
there is no trust between the ADs.  So what we need is:
- any number of jcifs threads, each one configured to a different AD
- when a user connects to the login web page, some criteria is used to 
determine which company they belong to
- the web then uses the associated jcifs thread to validate the user

Perhaps this is not possible.  But worth asking, I think.


>From: Yannick <yannick at smellyfrog.com>
>To: Merlin Beedell <merlin_b_wizard at hotmail.co.uk>
>CC: jcifs at lists.samba.org
>Subject: Re: [jcifs] JCIFS for Multiple Domains
>Date: Wed, 08 Nov 2006 16:10:46 +0000
>Hi Merlin,
>I'm not a specialist, but from what I understand if you have domains 
>trusting each other, then you can implement multiple domains 
>We have implemented this successfully in Banta. We have different domain 
>from different offices and location for example in the US, Europe and 
>Singapore and all our users are authenticated automatically, even though 
>our web and app servers are located in the US only.
>I'm not familiar with the way the network and domain controller are setup, 
>but on the JCFIS side it was pretty transparent.
>Hope this helps
>Merlin Beedell wrote:
>>Is there a good/standard/any way to create a [Tomcat] Website that can use 
>>JCIFS to provide Single Sign On for MULTIPLE domains.  In other words, for 
>>the website to determine which company the user is coming from, and then 
>>to target that company's Active Directory using JCIFS for authentication.
>>As I understand it, JCIFS runs at the site level, which means that it can 
>>only work with a single LDAP/Active Directory host. [We have it working in 
>>this way]. However...
>>Let us assume that a single company has aquired 2 other companies. They 
>>operate 3 separate active directories, all be it in a forrest.  The Web 
>>site allows people from all 3 companies to access it.  Once the web has 
>>determined which company the user is from, then it needs to do a JCIFS 
>>lookup for sign-on.
>>Is this even possible?
>>Be the first to hear what's new at MSN - sign up to our free newsletters! 

Windows Live™ Messenger has arrived. Click here to download it for free! 

More information about the jcifs mailing list