Handle A Multi-Domain Active Directory

The Active Directory Connector for ACLs indexes Access Control List (ACL) information into a configured "sidecar" Solr collection, so that it can be used by other connectors.

For applications involving multi-domain Active Directory, you need one LDAP data source per domain. Here is an example of a multi-domain Active Directory:

Domain Type
parent domain
child domain
child domain
child domain

In this example, you must have several data sources:

Base DN: DC=na,DC=lucidworks,DC=com

Base DN: DC=can,DC=lucidworks,DC=com

Base DN: DC=sa,DC=lucidworks,DC=com

Please note that querying the Active Directory Global Catalog in order to use a single LDAP ACL data source does not work, because the global catalog does not replicate the memberOf attribute of person objects. Doing so results in users not being able to see the expected documents.

However, you may be able to set up Active Directory to replicate that attribute. This would allow you to use a single global catalog for your entire Active Directory forest, if desired.
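The following check is an added example, not part of the connector or of the original page. It reviews a planned set of LDAP ACL data sources against the two rules above: every domain needs its own data source, and a data source pointed at a global catalog port (3268 or 3269) does not count. It assumes the default case where memberOf is not replicated to the global catalog; the `url` and `base_dn` keys and the host names are hypothetical, not the connector's configuration schema.

```python
from urllib.parse import urlparse

# Global catalog listeners on a domain controller (LDAP and LDAPS).
GC_PORTS = {3268, 3269}

def base_dn_to_domain(base_dn):
    """Turn 'DC=na,DC=lucidworks,DC=com' into 'na.lucidworks.com'."""
    parts = [p.strip() for p in base_dn.split(",")]
    dcs = [p[3:] for p in parts if p.upper().startswith("DC=")]
    return ".".join(dcs).lower()

def check_datasources(domains, datasources):
    """Return a list of findings for a planned set of LDAP ACL data sources.

    domains: DNS names of the domains whose users need ACLs resolved.
    datasources: dicts with hypothetical keys 'url' and 'base_dn'
                 (an assumption, not the connector's real schema).
    """
    findings = []
    covered = set()
    for ds in datasources:
        domain = base_dn_to_domain(ds["base_dn"])
        port = urlparse(ds["url"]).port  # None when the URL has no port
        if port in GC_PORTS:
            findings.append(f"{domain}: {ds['url']} is a global catalog port; "
                            "memberOf is not replicated there")
            continue  # a GC-backed source does not count as coverage
        if domain in covered:
            findings.append(f"{domain}: duplicate data source")
        covered.add(domain)
    for d in domains:
        if d.lower() not in covered:
            findings.append(f"{d}: no domain-level LDAP data source")
    return findings

# Constructed plan: Base DNs are the ones on this page, host names are made up.
DOMAINS = ["na.lucidworks.com", "can.lucidworks.com", "sa.lucidworks.com"]
PLAN = [
    {"url": "ldap://dc-na.example.test:389", "base_dn": "DC=na,DC=lucidworks,DC=com"},
    {"url": "ldap://dc-can.example.test:3268", "base_dn": "DC=can,DC=lucidworks,DC=com"},
]

if __name__ == "__main__":
    for finding in check_datasources(DOMAINS, PLAN):
        print(finding)
```

If memberOf has been set up to replicate to the global catalog, the port finding no longer applies and can be dropped from the check.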