We have two spots for groups to reside inside of AD, which are not children of the same folders (but in the same domain). I am looking for a way to have ES search them both to get the group membership, while not traversing the other the entire domain. I am looking for something like this, and wanted to see if anyone had suggestions or cautions on adding multiple base_dn for group searches.
group_search:base_dn:("OU=Groups,OU=ES,OU=Services,DC=ad,DC=local","OU=Groups,OU=CompanyName,DC=ad,DC=local")
We are on AD realm currently, and will be moving to LDAP in the near future. Anybody else go through this? Is adding another realm the solution (though it seems overkill as the users are not different)?