The Orchestrator Appliance contains a preconfigured OpenLDAP server that is suitable for experimental use in small- and medium-scale environments. To use the Orchestrator Appliance in a large-scale environment for production purposes, you can set up a new directory service server and configure Orchestrator to work with it.

Orchestrator supports the Active Directory, eDirectory, and Sun Java System Directory Server directory service types.

Connect your system to the LDAP server that is physically closest to your Orchestrator server, and avoid connections to remote LDAP servers. Long response times for LDAP queries can lead to slower performance of the whole system.

To improve the performance of the LDAP queries, keep the user and group lookup base as small as possible. Limit the users to targeted groups that need access, rather than to whole organizations with many users who do not need access. Depending on the combination of database and directory service you choose, the resources you need can vary. For recommendations, see the documentation for your LDAP server.

Important

Multiple domains that are not in the same tree, but have a two-way trust, are not supported and do not work with Orchestrator. The only supported configuration for multi-domain Active Directory is a domain tree. Forest and external trusts are not supported.
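A pre-flight check for the two constraints above (narrow user and group lookup bases, and all domains in one domain tree), as an added example that is not VMware code. The DNs, domain names and function names are constructed for illustration, the DN parsing is simplified, and the tree check assumes the tree root domain is included in the list.

```python
import re

def rdns(dn):
    """Split a DN into normalised RDNs, honouring backslash-escaped commas."""
    parts = (p.strip().lower() for p in re.split(r"(?<!\\),", dn))
    return [re.sub(r"\s*=\s*", "=", p, count=1) for p in parts if p]

def domain_of(dn):
    """DNS domain implied by the DC= components of a DN."""
    return ".".join(r[3:] for r in rdns(dn) if r.startswith("dc="))

def is_under(dn, base):
    """True when dn sits at or below base in the directory tree."""
    d, b = rdns(dn), rdns(base)
    return len(d) >= len(b) and d[len(d) - len(b):] == b

def single_tree(domains):
    """True when one listed domain is the DNS suffix of every other one.
    Assumption: the tree root domain is included in the list."""
    names = [n.lower().strip(".") for n in domains]
    root = min(names, key=len)
    return all(n == root or n.endswith("." + root) for n in names)

def preflight(user_base, group_base, domains, sample_users):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    for label, base in (("user", user_base), ("group", group_base)):
        if all(r.startswith("dc=") for r in rdns(base)):
            findings.append(f"{label} lookup base is a whole domain; scope it to an OU")
        if domain_of(base) not in [n.lower() for n in domains]:
            findings.append(f"{label} lookup base is in an unlisted domain")
    if not single_tree(domains):
        findings.append("domains do not share one domain tree")
    findings += [f"outside user lookup base: {u}"
                 for u in sample_users if not is_under(u, user_base)]
    return findings

# Constructed sample configuration (not from any real deployment).
USER_BASE = "OU=Orchestrator Users,OU=IT,DC=corp,DC=example,DC=com"
GROUP_BASE = "DC=corp,DC=example,DC=com"
DOMAINS = ["corp.example.com", "eu.corp.example.com", "partner.example.org"]
USERS = ["CN=Ada,OU=Orchestrator Users,OU=IT,DC=corp,DC=example,DC=com",
         "CN=Bob,OU=Sales,DC=corp,DC=example,DC=com"]

if __name__ == "__main__":
    for finding in preflight(USER_BASE, GROUP_BASE, DOMAINS, USERS):
        print("FINDING:", finding)
```

With the sample values, the check flags the domain-wide group lookup base, the domain outside the tree, and the one account that the user lookup base would exclude.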