Hosting Multiple Communities with a Single Shared Membership Directory

ID: Q216362

The information in this article applies to:

Microsoft Site Server version 3.0

SUMMARY

Service providers have the option of configuring their systems for multiple domains to accommodate multiple customers, each with their own separate community of users. When implementing such a scenario, a single shared Membership Directory may be used. In order to prevent namespace collisions in this configuration, the Membership Directory should be segregated into multiple subcontainers.

MORE INFORMATION

If you want the community container names to be hidden from the user authentication process, the Authentication Service for each customer must be directed toward the container in which appropriate member data is located. In such a case, a separate Authentication Service instance is required for each container on each application server (but not for each application on a single server).

To change the container that the Authentication Service uses as the starting point for finding users for authentication (the base DN), run the PMADMIN script on the Membership Server to which the customer's Web site is mapped.

PMADMIN SET AUTHSVC /ID=[instance#] /BaseDN="ou=[container],ou=members"

where: [instance] is the instance number of the Membership Server to which the customer's Web site is mapped.

NOTE: To determine the instance numbers, use the following command:

PMADMIN LIST INSTANCE

[container]
Distinguished Name of the customer's container under ou=Members specified from lowest first, and not including the o=[root] value

For example, a service provider supports three different customers on a single Website.

Customer1 is assigned a Membership Server instance 1
Customer2 is assigned a Membership Server instance 2
Customer3 is assigned a Membership Server instance 3

All three instances share the same LDAP, which connects to a SQL Server database.

Each customer's Web Server uses a different Membership Server instance. If each customer is segregated in the Membership Directory database, the Authentication Service may be reconfigured to use the correct container. In this case, the following PMADMIN commands would correctly reconfigure the Authentication Service:

PMADMIN AUTHSVC /ID=1 /BaseDN="ou=Customer1,ou=members"
PMADMIN AUTHSVC /ID=2 /BaseDN="ou=Customer2,ou=members"
PMADMIN AUTHSVC /ID=3 /BaseDN="ou=Customer3,ou=members"

For a detailed explanation of strategies and techniques for hosting Internet Service Providers (ISPs) who want to support multiple customers, each with a separate community of users, see the Hosting Multiple User Communities with a Membership Directory white paper in the MCIS Resource Kit.

Additional query words:


Keywords          : 
Version           : winnt:3.0
Platform          : winnt 
Issue type        : kbhowto

Last Reviewed: March 24, 1999