Multiple Domain Configuration
Critical Manufacturing MES supports multiple domain configuration. You need to perform three simple steps to enable multiple domains:
Host configuration file
List the fully qualified domain names (FQDNs) of the domains, separated by semicolons, in the LDAPPATH key of the BusinessTier\Cmf.Foundation.Services.HostService.dll.config file. For example:
<!-- The Address of the LDAP Server -->
<add key="LDAPPATH" value="examplefirstdomain.com;exampleseconddomain.com"/>
Info
For more information on the variables, visit the Configuration files page.
GUI Configuration entries
Set the configuration entries for each of the domains added to LDAPPATH, specifically:
/Cmf/System/Configuration/LDAP/Credentials/[domain]/DisableCertificateValidation
/Cmf/System/Configuration/LDAP/Credentials/[domain]/Port
/Cmf/System/Configuration/LDAP/Credentials/[domain]/UseSSL
/Cmf/System/Configuration/LDAP/Credentials/[domain]/UserName/
/Cmf/System/Configuration/LDAP/Credentials/[domain]/UserPassword/
Warning
The full set of configuration entries must exist for every configured domain.
For more information, see System Configuration Entries.
Security Portal
In order for the Security Portal to interact with multiple domains, it has to be configured with one Active Directory strategy per domain. This can be achieved by modifying its config.json file and configuring the additional entries. Bear in mind that it is not possible to configure more than one strategy in the DevOps Center (for containerized installations) or the Deployment Framework (for traditional installations). Instead, you should provide a package that transforms the config.json file, which will run as part of the installation process.
Info
For containerized installations, the file is located in /app/src/config.json (in the Security Portal container), whereas for traditional installations it is located in SecurityPortal\config.json.
See the example below:
{
  "id": "ExampleFirstDomain",
  "type": "local-ActiveDirectory",
  "config": {
    "defaultDomain": "examplefirstdomain",
    "ldap": {
      "url": "ldap://examplefirstdomain.local",
      "base": "DC=examplefirstdomain,DC=local",
      "user": "EXAMPLEFIRSTDOMAIN\\messervice",
      "password": "<password>"
    }
  }
},
{
  "id": "ExampleSecondDomain",
  "type": "local-ActiveDirectory",
  "config": {
    "defaultDomain": "exampleseconddomain.company.com",
    "ldap": {
      "url": "ldap://exampleseconddomain.company.com",
      "base": "DC=exampleseconddomain,DC=company,DC=com",
      "user": "EXAMPLESECONDDOMAIN\\mesadmin",
      "password": "<password>"
    }
  }
}
Info
For more information, visit the Security Portal page.
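The three steps above have to agree with each other, so a consistency check before deployment is useful. The following Python script is an added example, not code from Critical Manufacturing: it reads the LDAPPATH key, confirms that all five entries exist for each listed domain, and compares the number of local-ActiveDirectory strategies with the number of domains. It assumes the configuration entries are available as a path-to-value dictionary with the [domain] segment equal to the FQDN in LDAPPATH; the function names, the sample data, and the choice to report UseSSL set to false, DisableCertificateValidation set to true and strategy URLs that are not ldaps:// are this example's own.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

ROOT = "/Cmf/System/Configuration/LDAP/Credentials"
REQUIRED = ("DisableCertificateValidation", "Port", "UseSSL", "UserName", "UserPassword")

def ldap_domains(host_config_xml):
    """FQDNs from the semicolon-separated LDAPPATH key of the host config."""
    for add in ET.fromstring(host_config_xml).iter("add"):
        if add.get("key") == "LDAPPATH":
            return [d.strip() for d in add.get("value", "").split(";") if d.strip()]
    return []

def audit(host_config_xml, entries, strategies):
    """Return findings: missing per-domain entries, weak TLS settings, strategy count."""
    # Normalise trailing slashes and value case before comparing.
    entries = {k.rstrip("/"): str(v).lower() for k, v in entries.items()}
    domains, findings = ldap_domains(host_config_xml), []
    for d in domains:
        # Assumption: the [domain] path segment is the FQDN exactly as in LDAPPATH.
        for name in REQUIRED:
            if f"{ROOT}/{d}/{name}" not in entries:
                findings.append(f"{d}: missing entry {name}")
        if entries.get(f"{ROOT}/{d}/UseSSL") == "false":
            findings.append(f"{d}: UseSSL is false")
        if entries.get(f"{ROOT}/{d}/DisableCertificateValidation") == "true":
            findings.append(f"{d}: certificate validation is disabled")
    ad = [s for s in strategies if s.get("type") == "local-ActiveDirectory"]
    for s in ad:
        if urlparse(s["config"]["ldap"]["url"]).scheme != "ldaps":
            findings.append(f"{s['id']}: LDAP URL is not ldaps://")
    if len(ad) != len(domains):
        findings.append(f"{len(domains)} LDAPPATH domains but {len(ad)} AD strategies")
    return findings

# Constructed sample input (not taken from a real installation).
HOST_CONFIG = """<configuration><appSettings>
  <add key="LDAPPATH" value="examplefirstdomain.com;exampleseconddomain.com"/>
</appSettings></configuration>"""
ENTRIES = {f"{ROOT}/examplefirstdomain.com/{n}": v for n, v in
           [("DisableCertificateValidation", "false"), ("Port", "636"),
            ("UseSSL", "true"), ("UserName", "messervice"), ("UserPassword", "***")]}
ENTRIES[f"{ROOT}/exampleseconddomain.com/UseSSL"] = "false"
STRATEGIES = [{"id": "ExampleFirstDomain", "type": "local-ActiveDirectory",
               "config": {"ldap": {"url": "ldap://examplefirstdomain.local"}}}]

if __name__ == "__main__":
    for finding in audit(HOST_CONFIG, ENTRIES, STRATEGIES):
        print(finding)
```

With the constructed sample, the second domain is reported for its four missing entries and for UseSSL, and the single strategy is reported both for its URL scheme and for the domain/strategy count mismatch.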