
Configure the CA Directory Router

CA Directory routes each client request to the Active Directory used by CA Access Control that corresponds to the suffix defined in the request. CA Directory uses the DXlink utility to route the request.

Before you begin this procedure, verify that you have installed two Active Directory user stores (for example, acdir1 and acdir2) and CA Directory, named dsarouter.

Follow these steps:

  1. From the CA Directory server, open a Command Prompt window.
  2. Run the following command:
    dxnewdsa -s 1 cadirhost-adrouter 25389
    
    -s 1

    Specifies a database size of 1 MB

    cadirhost-adrouter

    Defines the name of the router

    25389

    Specifies the router port

  3. Stop the router using the following command:
    dxserver stop cadirhost-adrouter
    
  4. Install the router using the following command:
    dxserver install cadirhost-adrouter
    
  5. Navigate to the following directory, where DXHOME is the name of the directory where you installed the router:
    DXHOME/config/knowledge
    
  6. Duplicate the cadirhost-router.dxc file, as follows:
    1. Rename one file to acdir1-dxlink.dxc
    2. Rename the second file to acdir2-dxlink.dxc
    3. Edit the acdir1-dxlink.dxc file to appear as follows:
      set dsa "acdir1-dxlink" =
      {
          prefix            = <dc "acdir1"><dc "com">
          dsa-name          = <cn "acdir1-dxlink">
          dsa-password      = "secret"
          ldap-dsa-name     = <dc "acdir1"><dc "com"><cn "users"><cn "Administrator">
          ldap-dsa-password = "{CADIR}yKW2cVbG"
          address           = tcp "acdir1" port 389
          auth-levels       = clear-password
          trust-flags       = allow-check-password, no-server-credentials
          link-flags        = dsp-ldap, ms-ad
      };
      
      ldap-dsa-name

      Specifies the Distinguished Name (DN) used to bind to Active Directory

      ldap-dsa-password

      Defines the encrypted password for the DN

      Note: Use the dxpassword utility to encrypt the password. For example: dxpassword -P CADIR <password>.

      address

      Specifies the Active Directory domain controller address

    4. Edit the acdir2-dxlink.dxc to appear as follows:
      set dsa "aclabcail-dxlink" =
      {
          prefix            = <dc "acdir2"><dc "com">
          dsa-name          = <cn "acdir2-dxlink">
          dsa-password      = "secret"
          ldap-dsa-name     = <dc "acl"><dc "aclab"><cn "users"><cn "Administrator">
          ldap-dsa-password = "{CADIR}yKW2cVbG"
          address           = tcp "acdir2" port 389
          auth-levels       = clear-password
          trust-flags       = allow-check-password, no-server-credentials
          link-flags        = dsp-ldap, ms-ad
      };
      

You have configured the CA Directory router.
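
The DXlink knowledge files edited in step 6 hold the Active Directory bind account, its password and the link address, so they are worth reviewing before the router is started. The following Python check is an added example, not part of the CA documentation: it parses set dsa blocks and reports a bind password that lacks the {CADIR} prefix shown above, a clear-password link to port 389, and a bind as Administrator. The sample definitions (trimmed to the fields the check reads), the svc-dxlink account and the three review criteria are assumptions of this example.

```python
import re

# Constructed sample: the acdir1 definition from the procedure, plus a second
# definition whose bind password was pasted in without running dxpassword.
SAMPLE = '''
set dsa "acdir1-dxlink" =
{
    dsa-name          = <cn "acdir1-dxlink">
    ldap-dsa-name     = <dc "acdir1"><dc "com"><cn "users"><cn "Administrator">
    ldap-dsa-password = "{CADIR}yKW2cVbG"
    address           = tcp "acdir1" port 389
    auth-levels       = clear-password
};
set dsa "acdir2-dxlink" =
{
    dsa-name          = <cn "acdir2-dxlink">
    ldap-dsa-name     = <dc "acdir2"><dc "com"><cn "users"><cn "svc-dxlink">
    ldap-dsa-password = "Passw0rd!"
    address           = tcp "acdir2" port 389
    auth-levels       = clear-password
};
'''

BLOCK = re.compile(r'set\s+dsa\s+"([^"]+)"\s*=\s*\{(.*?)\};', re.S)
FIELD = re.compile(r'^\s*([\w-]+)\s*=\s*(.+?)\s*$', re.M)

def parse_knowledge(text):
    """Return {label: {field: raw value}} for every 'set dsa' block."""
    return {label: dict(FIELD.findall(body)) for label, body in BLOCK.findall(text)}

def audit(text):
    """Return sorted (label, finding) pairs; the criteria are this example's assumptions."""
    findings = []
    for label, f in parse_knowledge(text).items():
        password = f.get("ldap-dsa-password", "").strip('"')
        if password and not password.startswith("{CADIR}"):
            findings.append((label, "ldap-dsa-password is not dxpassword-encrypted"))
        port = re.search(r'port\s+(\d+)', f.get("address", ""))
        if port and port.group(1) == "389" and "clear-password" in f.get("auth-levels", ""):
            findings.append((label, "clear-password bind to plain LDAP port 389"))
        if re.search(r'<cn\s+"Administrator">', f.get("ldap-dsa-name", ""), re.I):
            findings.append((label, "binds to Active Directory as Administrator"))
    return sorted(findings)

if __name__ == "__main__":
    for label, finding in audit(SAMPLE):
        print(f"{label}: {finding}")
```

To review real files, pass the contents of each .dxc file in DXHOME/config/knowledge to audit().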