About the IDex Directory

The IDex Directory is part of the IDex solution (the ID indexing system), which provides a way of reliably identifying already authenticated users in a wide variety of wide-area, Active Directory domain networks, where link speed and reliability cannot be guaranteed at the level that you want. IDex consists of several components. The IDex Client and the IDex Agent operate independently of each other. The IDex Directory doesn't verify the user's identity. It is a passive connection used to map group membership received from the IDex Agent or Client to local groups configured on the Smoothwall. If you use the IDex Agent, or require group mapping with IDex, you must turn on the IDex Directory.

To distribute the identification information among Smoothwall nodes, and to store information received from IDex, you can configure the IDex Cluster. See our help topic, Configuring global authentication settings for IDex.

Database key assignment

The Database (DB) Key is intended for multitenant setups where some data sets need to be partitioned from others. Normally, a single IDex Directory holds all data pertaining to all tenants. To resolve conflicts when two domains have an identical domain name, configure a second IDex Directory (for the second tenant) and set its Database Key to a different value from that of the first IDex Directory. This ensures that each tenant gets its own data set for looking up domain usernames, without conflicts caused by other identical domain names.

The diagram illustrates the problem, and how it is resolved by modifying Database Keys.

The diagram on the left shows a single IDex Directory for two tenants, where each tenant has a single domain, and both domains have the same name but are not the same actual domain. The diagram on the right shows the same two tenants and domains, but with each tenant assigned its own Directory and unique Database Key.
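The following added example (not Smoothwall code) models the Database Key as a partition over the username lookup and includes an audit check that flags tenants sharing both a domain name and a Database Key. The tenant names, the domain name CORP, the key values, the case-insensitive matching and the last-write-wins storage are all assumptions made for illustration.

```python
from collections import defaultdict

# Constructed inventory: (tenant, AD domain name, Database Key of the IDex
# Directory that tenant reports to). All names and key values are hypothetical.
SHARED_KEY = [("tenant-a", "CORP", 1), ("tenant-b", "CORP", 1)]
SPLIT_KEYS = [("tenant-a", "CORP", 1), ("tenant-b", "CORP", 2)]


def find_conflicts(inventory):
    """Return {(db_key, domain): [tenants]} where distinct tenants share both."""
    seen = defaultdict(set)
    for tenant, domain, db_key in inventory:
        # Assumption: domain names are compared case-insensitively.
        seen[(db_key, domain.lower())].add(tenant)
    return {k: sorted(v) for k, v in seen.items() if len(v) > 1}


class DirectoryModel:
    """Toy model: one data set per Database Key, keyed by (domain, username)."""

    def __init__(self):
        self.data = defaultdict(dict)  # db_key -> {(domain, user): groups}

    def store(self, db_key, domain, user, groups):
        # Assumption: a later record for the same key replaces the earlier one.
        self.data[db_key][(domain.lower(), user.lower())] = set(groups)

    def lookup(self, db_key, domain, user):
        return self.data[db_key].get((domain.lower(), user.lower()))


def demo(inventory):
    """Store a same-named user per tenant; return what each tenant looks up."""
    model = DirectoryModel()
    groups = {"tenant-a": ["Staff"], "tenant-b": ["Students"]}  # constructed
    for tenant, domain, db_key in inventory:
        model.store(db_key, domain, "jsmith", groups[tenant])
    return {t: model.lookup(k, d, "jsmith") for t, d, k in inventory}


if __name__ == "__main__":
    for name, inv in (("shared key", SHARED_KEY), ("split keys", SPLIT_KEYS)):
        print(name, "conflicts:", find_conflicts(inv))
        print(name, "lookups:  ", demo(inv))
```

With a shared key, both tenants resolve CORP\jsmith to the same record, so one tenant's user is mapped to the other tenant's groups; with distinct keys each lookup stays inside its own data set.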