Thanks Bill. If, due to security reasons, trusts between domains can't be established, is there any other option? It looks like I can use a custom authentication to authenticate user thru LDAP against AD. Now the problem is QVS authorization, I just learned QV SBE won't suppport DMS, only NTFS. I wish we know this early. Now, what'll be my options? Any advice? Thanks.
Hi Bill/Lien, appreciate your helps as I'm planning a production deployment with IT.
Here are the answers to your questions.
- Does Domain A and Domain B is having same network segment ?
No, different segment. They're at two different regional data center.
- what is the service account that you used to start the QV services ?
I setup a local QVAdmin account under Administrators group to run QV services.
Yes, I wrote SSO and was able to authenticate AD users without any issues thru LDAP. The issue now is user authorization. Because QV SBE doesn't support DMS, I am unable to manage user access unless I add user to the local server since SBE only supports NTSF mode. Any suggestions?
Please find below example on how we achieve it by using AccessControl in Excel file:
(ooxml, embedded labels, table is AccessControl);
(ooxml, embedded labels, table is ApplicationControl);
The first part of example is to define which user have authority to access the particular App and the second part of the example is to control the authorized user to particular "area code" selection.
Therefore, while the authorized user login to the said App, he or she can only select the area code that I defined in security.xlsx.
Hoped it give some ideal for your Apps.