Sun Identity Manager Gateway Location

Unless the LDAP Hostname resource attribute is set, the Gateway will perform a serverless bind to the directory. In order for the serverless bind to work, the Gateway needs to be installed on a system that is in a domain and that “knows” about the domain/directory to be managed. All Windows domains managed by a gateway must be part of the same forest. Managing domains across forest boundaries is unsupported. If you have multiple forests, install at least one gateway in each forest.

The LDAP Hostname resource attribute tells the Gateway to bind to a particular DNS hostname or IP address. This is the opposite of a serverless bind. However, the LDAP Hostname does not necessarily have to specify a specific domain controller. The DNS name of an AD domain can be used. If the Gateway system’s DNS server is configured to return multiple IP addresses for that DNS name, then one of them will be used for the directory bind. This avoids having to rely on a single domain controller.

Some operations, including pass-through authentication and before and after actions, require that the Gateway system be a member of a domain.