Before Release 3.4, you could configure multiple LDAPs and have multiple base contexts on each LDAP, but you could only use one of them for authorization and authentication. With the single authentication and authorization domain restriction in place, users had to be provisioned multiple times so they existed in the authentication and authorization domain and in the other LDAPs used for search.

As of Release 3.4, the multiple authentication and authorization feature removes the requirement for a single domain for authentication and authorization and facilitates the following deployments:

• A single LDAP infrastructure belonging to a single organization with multiple configured domains.

• Two distinct LDAP infrastructures belonging to two separate organizations.

The Avaya Aura® Web Gateway supports up to ten LDAP authentication and authorization domains.

When multiple directories are enabled for authentication, you must provide your FQDN to log in. For example: username@avaya.com. A short user name is not supported. If you do not have proper data in user name attributes, such as mail and userPrincipalName, you can assign a custom attribute that is used for the UID mapping of user names. All values in the custom attribute must be a fully qualified user name of the form username@domain, where domain must match one of the base context DNs defined for the LDAP.

During the initial Avaya Aura® Web Gateway installation procedure, you can configure only one LDAP server. If you want to add more LDAP servers, use the web administration portal. For more information, see Adding a new enterprise LDAP server in Administering the Avaya Aura® Web Gateway.