Multiple LDAP directories for authentication
Hi,
I just upgraded to GroupWise 2014 (from 2012). In GW2012 I used LDAP authentication against eDir. In GW2014, I associated the GW mailboxes to Active Directory. I tested a few accounts and I can login just fine. However I also have mailboxes that have to authenticate to eDir, because (for now) they don't have AD equivalent accounts.
To achieve this, I also added the eDirectory as a directory in the GW admin console. I then enabled LDAP authentication in the Post Office security settings, without adding the "Available LDAP Servers" to the "Selected LDAP Servers" box.
When I logon to a mailbox that is associated to eDir, it allows me to logon. I do have a mailbox that doesn't allow me to logon, although it is associated to eDir. When I re-associate (remove-add) it, it works for a while only to stop working again. It's not entirely stable.
In the POA log, I see the following message: Alert: Utilize LDAP server which is not in the pool configuration! So it would seem it doesn't particularly like my setup.
Questions:
* Is what I'm trying to achieve not supported or am I configuring it wrong?
* If I add the "Available LDAP Servers" to the "Selected LDAP Servers" box will it use it a failover pool and thus mess up my mixed-directory authentication?
* Is it possible to use GroupWise authentication for some mailboxes and AD authentication for others. If so, it would take away the need to use eDir.
Iwan
It's not an error, just informational. The LDAP AUTH code for the POA has changed somewhat in 2014. Before, it used to only use LDAP servers in a pool, but now, it will first try any LDAP servers/directories in it's "Preferred list", but if it can't not find the user using that list, it will then proceed to try all other LDAP servers that are configured.
--Morris
>>> iwan<[email protected]> 1/9/2015 5:16 AM >>>
Hi,
I am able to authenticate to AD en edir within the same PO. I would like
to phase out edir as maintaining two directories is not ideal. The only
reason I still use edir is for those few GW accounts that do not have AD
counterparts and for which I do not want to create AD accounts. So using
LDAP(AD) together with GW auth would be ideal for me. I'll look into
creating a second PO for this purpose.
I just wonder why the POA log keeps displaying the following message, if
having multiple directories in a single PO is supported: "Utilize LDAP
server which is not in the pool configuration!"
Iwan
iwan
iwan's Profile: https://forums.novell.com/member.php?userid=5639
View this thread: https://forums.novell.com/showthread.php?t=481102
Similar Messages
-
LDAP realm for authentication and ACL in Database
We are thinking of using LDAP realm for authentication and we want to use ACL from a Database. But the documentation says: "WebLogic Server defers to the LDAP realm for authentication, but not for authorization. Authorization is accomplished with access control lists (ACLs), which are defined in the weblogic.properties file"
Can we use LDAP realm for authentication and manage our ACL from a Database? or do we have to use the weblogic.properties file? Do the weblogic security API help in the above scenario? Thanks RamUnfortunately, there is no easy way to do this in wls 6.0.
The only way to handle it is to write your own custom realm
that uses ldap for users and groups and a database for acls -
probably not a viable alternative.
-Tom
"kevin doherty" <[email protected]> wrote:
>
Jeffrey Hirsch <[email protected]> wrote:
You should be able to use the DelegatedRealm interface to utilize the authentication methods from LDAP and the authorization methods from RDBMSRealm...
I'm trying to do this too, but we are using WL6 and I see that the DelegatedRealm interface has been deprecated in this version. I'd greatly appreciate more information on doing this in WL6.
Thanks!
-kd -
Multiple download directories for iTunes
I want to save my iTunes U files in a different location than my regular music. Is there a way to do this?
Currently, when I download an iTunes U video, it stores it in /iTunes/iTunes U/ but I'd like to save it in a completely different directory -- something like ~/Desktop/iTunes U/.
The reason for doing this is somewhat complex and involves the way I've set up iTunes with Dropbox.JamesPalmer wrote:
I want to save my iTunes U files in a different location than my regular music. Is there a way to do this?
Currently, when I download an iTunes U video, it stores it in /iTunes/iTunes U/ but I'd like to save it in a completely different directory -- something like ~/Desktop/iTunes U/.
The reason for doing this is somewhat complex and involves the way I've set up iTunes with Dropbox.
No, iTunes doesn't have settings to allow different media types to be stored in different locations. Perhaps Doug's Scripts will have something you can use to relocate some of the content semi-automatically once it has been downloaded.
tt2 -
Another day, another Livecycle bug ...
I have added a new domain/directory to Livecycle. The synchronization works and the users are correctly added to edcprincipalentity.
Yet whenever i try to logon to workspace i get
An error occurred during the operation. Please try again or contact your system administrator for assistance. (ALC-WKS-007-000)
The log files show:
INFO: ALC-WKS-005-026: Access denied: access permission not assigned to user
What kind of access permissions are we talking about here? Also where can i set these?
I remember that i had this problem ages ago and the solution was something very obscure having to do with the unique identifier or so.
Any ideas?You have to assign your users "LiveCycle Workspace User" Role. To grant this role for all the users in your new domain go to<br />Adminui -> Home > Settings > User Management > Users and Groups. There search for a Group "All Principals in <your domain name>". And assign the above role to that group.<br /><br />This should enable your users to log in to workspace
-
Multiple LDAP Sources for Portal
Per the HELP docs and other forum suggestions, I uploaded a new XML file and called it multildap_datasource.xml
After uploading, it does NOT appear in the drop-down list of files to pick? Am I missing something here?Hi,
Check if you get any error message.
also check in the configuration adapter to see if the file uploaded. -
Configuring Multiple LDAP Domains
I am having trouble configuring multiple ldap domains for declarative security and form-based authentication.
I have setup another instance of Directory Server on my local machine, on a different port. I want to be able to talk to this alternate directory server for form-based authentication and roles.
I have tried to do this by following the instructions at http://docs.iplanet.com/docs/manuals/ias/60/sp3/admin/adbasica.htm#21662, but I've had no luck. Below are screenshots of my configuration. (I've attached a word document in case you don't have a HTML-enabled mail reader).My screenshots were wrong in the e-mail below, but correct in the attached word doc.
----- Original Message -----
From: Matt Raible
Newsgroups: iplanet.ias.general
Sent: Wednesday, August 22, 2001 7:05 AM
Subject: Configuring Multiple LDAP Domains
I am having trouble configuring multiple ldap domains for declarative security and form-based authentication with iPlanet Application Server 6.0, SP3.
I have setup another instance of Directory Server on my local machine, on a different port. I want to be able to talk to this alternate directory server for form-based authentication and roles.
I have tried to do this by following the instructions at http://docs.iplanet.com/docs/manuals/ias/60/sp3/admin/adbasica.htm#21662, but I've had no luck. Below are screenshots of my configuration. (I've attached a word document in case you don't have a HTML-enabled mail reader). -
LDAP client for solaris 9 with ds5.2 on other box
Hi
I have ds5.2 installed on Box1. I am trying to configure ldapclient on solaris 9 box. I want this to point to existing ldap server for authentication. Sun documentation is not clear about how to do that ? as some of the switches mentioned with ldapclient doesn't work. Most of the solutions I saw are on integrated solaris 9 ds server configuration. e.g idsconfig etc. I am not finding how to do basic authentication of solaris9 cient with any ldap server (ds5.2) installed on some other box.The syntax of ldapclient changed in Solaris 9 (at least by 9 12/03). You now specify it like this:
# ldapclient -v init -a profileName=cn=myProfile,ou=profile,dc=example,dc=comIf you're using Proxy Authentication add the following:
-a proxyDN=cn=proxyagent,ou=profile,dc=example,dc=com -a proxyPassword=ClearTextPWYou should have been able to create a profile (storing it in the DIT) when you ran idsconfig. If you took the default name of "default" (cn=default,ou=profile,dc=example,dc=com) you might not even have to specify the profile name to ldapclient.
To generate a new profile and store it in the DIT use:
$ ldapclient -vgenprofile -a profileName=cn=myProfile,ou=profile,dc=example,dc=com -a defaultSearchBase=dc=example,dc=com ...With your various attributes for your profile as specified in ldapclient(1M).
As for pam, you have to decide which you're going to use: pam_unix or pam_ldap. Note that the Solaris pam_ldap is very different from the PADL pam_ldap used under Linux and elsewhere (this makes it easy to find apparently conflicting advice). -
It is possible if you develope your own custom realm :)
Regards
Rob
"Prashant Nayak" <[email protected]> wrote in message
news:[email protected]..
>
Hello:
Wondering if it is possible to use Weblogic in conjunction with more thanone LDAP
server for authentication?
Thanks in advance.
Prashant -
LDAP Authentication Scheme - Multiple LDAP Servers?
How to set up ldap authentication so that multiple ldap servers are available? Scenario: ldap service is replicated through several servers, but does not sit behind a common dns/reverse proxy connection, so applications would list each ldap server and attempt to contact each in order if one or more ldap servers is unreachable.
How to set up ldap authentication so that multiple ldap servers are available? Scenario: ldap service is replicated through several servers, but does not sit behind a common dns/reverse proxy connection, so applications would list each ldap server and attempt to contact each in order if one or more ldap servers is unreachable.
-
External LDAP for authentication
Hi All,
I want to use external ldap for authentication purpose with Access Manager.
I tried adding this external ldap as a secondary ldap but couldn�t succeed.
If I add this ldap in the primary ldap along with the AM�s own ldap, this also fails to authenticate users from the external ldap.
How can I achieve this?
I read many topics in this forum regarding this but none of them explain how it can be achieved.
Please suggest.
Thanks in advance.This is what the amconsole log says:
ERROR: ConsoleServletBase.onUncaughtException
java.lang.NullPointerException
at com.sun.identity.idm.plugins.ldapv3.LDAPv3Repo.constructFilter(LDAPv3Repo.java:3126)
at com.sun.identity.idm.plugins.ldapv3.LDAPv3Repo.search(LDAPv3Repo.java:1996)
at com.iplanet.am.sdk.AMDirectoryManager.search(AMDirectoryManager.java:1938)
at com.sun.identity.idm.AMIdentityRepository.searchIdentities(AMIdentityRepository.java:221)
at com.sun.identity.console.idm.model.EntitiesModelImpl.getEntityNames(EntitiesModelImpl.java:139)
at com.sun.identity.console.idm.EntitiesViewBean.getEntityNames(EntitiesViewBean.java:222)
at com.sun.identity.console.idm.EntitiesViewBean.beginDisplay(EntitiesViewBean.java:177)
at com.iplanet.jato.taglib.UseViewBeanTag.doStartTag(UseViewBeanTag.java:149)
at jsps.console._idm._Entities_jsp._jspService(_Entities_jsp.java:86)
at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:107)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:908)
at com.iplanet.ias.web.jsp.JspServlet$JspServletWrapper.service(JspServlet.java:687)
at com.iplanet.ias.web.jsp.JspServlet.serviceJspFile(JspServlet.java:459)
at com.iplanet.ias.web.jsp.JspServlet.service(JspServlet.java:375)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:908)
at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:772)
at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:471)
at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:382)
at com.iplanet.jato.view.ViewBeanBase.forward(ViewBeanBase.java:340)
at com.iplanet.jato.view.ViewBeanBase.forwardTo(ViewBeanBase.java:261)
at com.sun.identity.console.base.AMViewBeanBase.forwardTo(AMViewBeanBase.java:133)
at com.sun.identity.console.base.AMPrimaryMastHeadViewBean.forwardTo(AMPrimaryMastHeadViewBean.java:149)
at com.sun.identity.console.idm.HomeViewBean.forwardTo(HomeViewBean.java:109)
at com.sun.identity.console.realm.RealmPropertiesBase.nodeClicked(RealmPropertiesBase.java:90)
at com.sun.web.ui.view.tabs.CCTabs.handleTabHrefRequest(CCTabs.java:129)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at com.iplanet.jato.view.command.DefaultRequestHandlingCommand.execute(DefaultRequestHandlingCommand.java:183)
at com.iplanet.jato.view.RequestHandlingViewBase.handleRequest(RequestHandlingViewBase.java:308)
at com.iplanet.jato.view.ViewBeanBase.dispatchInvocation(ViewBeanBase.java:802)
at com.iplanet.jato.view.ViewBeanBase.invokeRequestHandlerInternal(ViewBeanBase.java:740)
at com.iplanet.jato.view.ViewBeanBase.invokeRequestHandlerInternal(ViewBeanBase.java:760)
at com.iplanet.jato.view.ViewBeanBase.invokeRequestHandler(ViewBeanBase.java:571)
at com.iplanet.jato.ApplicationServletBase.dispatchRequest(ApplicationServletBase.java:957)
at com.iplanet.jato.ApplicationServletBase.processRequest(ApplicationServletBase.java:615)
at com.iplanet.jato.ApplicationServletBase.doGet(ApplicationServletBase.java:459)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:787)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:908)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:247)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:193)
at com.sun.mobile.filter.AMLController.doFilter(AMLController.java:163)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:213)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:280)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:212)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:209)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
at com.iplanet.ias.web.connector.nsapi.NSAPIProcessor.process(NSAPIProcessor.java:161)
at com.iplanet.ias.web.WebContainer.service(WebContainer.java:580) -
Cisco ACS 5.2 authentication against multiple LDAP servers
Hi Folks,
I have a wireless network that uses ACS 5.2 to handle authentication. The ACS is integrated with an Active Directory LDAP server (my_ldap) and is working correctly at the moment. The authentication flow looks like this:
- User tries to associate to WLAN
- Authentication request is sent to ACS
- Service selection rule chooses an access-policy (wireless_access_policy)
- wireless_access_policy is configured to use my_ldap as identity source.
A sister company is about to move into our offices, and will need access to the same WLAN. Users in the sister company are members of a separate AD domain (sister_company_ldap). I would like to modify the wireless_access_policy so that when it receives an authentication request it will query both my_ldap and sister_company_ldap, and return a passed authentication if either attempt is successful. Is this possible?Assuming you're already authenticating using your AD binding and AD1 as your identity source, you can add a further LDAP server as another identity source and add this to your identity store sequence in your access policy to authenticate against both.
You can also add multiple LDAP servers and add them both to the identity store sequence (if you're not using AD1). -
WLC connect LDAP for Authentication, but could not connect to server
Hi Everyone, I got a problem when I use WLC 5508 connect to LDAP for authentication, but no luck there, it's a simple config, but not easy to work on my job, I got the following messgae:
Service Port - Not connected
Distrubution port include:
Management Interface - in AP Management VLAN - 30
Student AP interface - in Student VLAN - 20
Staff AP interface - in Staff VLAN - 10
AD is in Staff VLAN - 10
WLC LDAP Server setting
Base DN:OU=wws_ou,DC=ww,DC=yc,DC=com,DC=hk
User Attribute: sAMAccountName
User Object Type: Person
Debug aaa all enable message
*LDAP DB Task 1: Jul 09 01:40:58.969: ldapInitAndBind [1] called lcapi_init (rc = 0 - Success)
*LDAP DB Task 1: Jul 09 01:41:00.969: ldapInitAndBind [1] configured Method Anonymous lcapi_bind (rc = 1005 - LDAP bind failed)
*LDAP DB Task 1: Jul 09 01:41:00.969: ldapClose [1] called lcapi_close (rc = 0 - Success)
*LDAP DB Task 1: Jul 09 01:41:00.969: LDAP server 1 changed state to IDLE
*LDAP DB Task 1: Jul 09 01:41:00.969: LDAP server 1 changed state to RETRY
*LDAP DB Task 1: Jul 09 01:41:00.969: LDAP_OPT_REFERRALS = -1
WLC GUI Log:
*LDAP DB Task 1: Jul 09 02:56:13.045: %AAA-3-LDAP_CONNECT_SERVER_FAILED: ldap_db.c:1038 Could not connect to LDAP server 1, reason: 1005 (LDAP bind failed).
*LDAP DB Task 1: Jul 09 02:56:11.045: %AAA-3-LDAP_CONNECT_SERVER_FAILED: ldap_db.c:1038 Could not connect to LDAP server 1, reason: 1005 (LDAP bind failed).
*LDAP DB Task 1: Jul 09 02:56:09.045: %AAA-3-LDAP_CONNECT_SERVER_FAILED: ldap_db.c:1038 Could not connect to LDAP server 1, reason: 1005 (LDAP bind failed).
LDP Message of LDAP BaseDN:
Expanding base 'CN=Frankie F. Yeung,OU=wws_ou,DC=ww,DC=yc,DC=com,DC=hk'...
Result <0>: (null)
Matched DNs:
Getting 1 entries:
>> Dn: CN=Frankie F. Yeung,OU=wws_ou,DC=ww,DC=yc,DC=com,DC=hk
4> objectClass: top; person; organizationalPerson; user;
1> cn: Frankie F. Yeung;
1> sn: Yeung;
1> givenName: Frankie;
1> initials: F;
1> distinguishedName: CN=Frankie F. Yeung,OU=OU=wws_ou,DC=ww,DC=yc,DC=com,DC=hk;
1> instanceType: 0x4 = ( IT_WRITE );
1> whenCreated: 8/10/2011 10:28:14 China Standard Time China Standard Time;
1> whenChanged: 8/10/2011 10:31:26 China Standard Time China Standard Time;
1> displayName: Frankie F. Yeung;
1> uSNCreated: 3850555;
1> uSNChanged: 3850571;
1> name: Frankie F. Yeung;
1> objectGUID: 6ebfc7e9-6989-4f11-bae7-62c23af67edc;
1> userAccountControl: 0x10200 = ( UF_NORMAL_ACCOUNT | UF_DONT_EXPIRE_PASSWD );
1> badPwdCount: 0;
1> codePage: 0;
1> countryCode: 0;
1> badPasswordTime: 0;
1> lastLogoff: 0;
1> lastLogon: 0;
1> pwdLastSet: <ldp error <0x0>: cannot format time field;
1> primaryGroupID: 513;
1> objectSid: S-1-5-21-3867848445-1581729766-1247451615-2172;
1> accountExpires: <ldp error <0x0>: cannot format time field;
1> logonCount: 0;
1> sAMAccountName: fckyeung;
1> sAMAccountType: 805306368;
1> userPrincipalName: [email protected];
1> objectCategory: CN=Person,CN=Schema,CN=Configuration,OU=wws_ou,DC=ww,DC=yc,DC=com,DC=hk;
Hope I can resolve this problem ASAP, thanks!Your AD is in the Staff Vlan so maybe the WLC uses the Staff interface instead of management to contact the AD. I don't know how you sniffed exactly.
The comment about eap methods you saw is when you use LDAP with dot1x security. It is the same as saying "You cannot do peap-mschapv2 or eap-fast-mschpv2 with LDAP".
But you can do LDAP for web authentication, that has no eap methods.
Your original problem was a binding problem from the WLC, so we can expect that the WLC really is sending traffic towards AD. -
Problem with Windows 7 802.1x prompted for authentication multiple times
I have setup a WLAN for users to bring in their own devices (devices are not on the domain). It is setup for WPA2-Enterprise/AES and it doesn't require certificates. We authenticate with a Cisco Secure Access Server 5.1.44 (setup with Active Directory).
I have configure dthe Windows 7 wireless client:
WPA-Enterprise/AES
PEAP - removed "Validate server certificate"
EAPMSCHAPv2 properties disabled "Automatically use my Windows login name and password
Advanced settings 802.1x - ticked for "user authentication"
My problem is when I connect to the WLAN, I'm prompted for authentication multiple times (x2). On the second login prompt everything logs in OK. No errors are received after the first login attempt.
ThanksThis doesn't have anything to do with eap settings?
Are the current defaults the recommended settings:
EAP-Identity-Request Timeout (seconds)........... 30
EAP-Identity-Request Max Retries................. 2
EAP Key-Index for Dynamic WEP.................... 0
EAP Max-Login Ignore Identity Response........... enable
EAP-Request Timeout (seconds).................... 30
EAP-Request Max Retries.......................... 2
EAPOL-Key Timeout (milliseconds)................. 1000
EAPOL-Key Max Retries............................ 2
EAP-Broadcast Key Interval....................... 3600
I have seen this multiple times on varying drivers and systems. The first time you login until it is cached.
Thanks,
Andrew -
Hi team,
I have multiple SSID, but want users of a single SSID to be redirected to a HTTP or HTTPS URL (LAN SERVER for authentication)
I am very curious and it is important. I want to see how to achieve this with CISCO WLC !!!http://10.229.3.99/login.html?switch_url=https://1.1.1.1/login.html&ap_mac=e8:40:40:ad:cc:80&wlan=MO-GUEST&redirect=/login.html?switch_url=https://1.1.1.1/login.html&ap_mac=e8:40:40:ad:cc:80&wlan=MO-GUEST&redirect=/login.html?switch_url=https://1.1.1.1/login.html&ap_mac=e8:40:40:ad:cc:80&wlan=MO-GUEST&redirect=/login.html?switch_url=https://1.1.1.1/login.html&ap_mac=e8:40:40:ad:cc:80&wlan=MO-GUEST&redirect=/login.html?switch_url=https://1.1.1.1/login.html&ap_mac=e8:40:40:ad:cc:80&wlan=MO-GUEST&redirect=/login.html?switch_url=https://1.1.1.1/login.html&ap_mac=e8:40:40:ad:cc:80&wlan=MO-GUEST&redirect=/login.html?switch_url=https://1.1.1.1/login.html&ap_mac=e8:40:40:ad:cc:80&wlan=MO-GUEST&redirect=/login.html?switch_url=https://1.1.1.1/login.html&ap_mac=e8:40:40:ad:cc:80&wlan=MO-GUEST&redirect=10.229.3.99/login.html?switch_url=https://1.1.1.1/login.html&ap_mac=e8:40:40:ad:cc:80&wlan=MO-GUEST&redirect=www.geo.tv/
I wanted if someone connects to WLAN "MO-GUEST" automatically the user should be redirected to http://10.229.3.99/login.html and once authenticated by 10.229.3.99 , he/she should be allowed to access anything as normal. [ actually i just want automatic url redirection for the first time for the user of wlan "MO-GUEST"
waiting expert opinions. -
Support for multiple source directories
Does JDeveloper support multiple source directories? Whenever I use the class wizard, it always creates the file in the src folder. For unit test cases, I would like the source files to be in test folder.
Re: Multiple Source Folders?
Maybe you are looking for
-
I have downloaded AAC files but I have also added some Mp3s I made earlier from CDs I own and I have updated the info for them in iTiunes and it doesnt seem to have updated the ID3 Tags. Does anyone know which file I need to copy to transfer the info
-
Shutter sound that camera makes when taking a picture sound like it's dying.
The shutter sound that my iphone 5s makes when I take a picture sounds like it's dying. Anyone else have this happen on their phone? This hasn't caused a problem with taking pictures but it sounds weird.
-
Enable Comment XML in InDesign
Hi All, I want to enable all comment tag in InDesign before exporting to xml. It is viewed in InDesign Structure Panel like the following picture. Thanks, Mahesh
-
Colour change when opening LTRM image in PS
My question is as simple as this: In Lightroom my RAW (NEF) image looks like this: After conversion in LTRM from RAW to PSD, it looks like this See how greyish the PSD version is. Just like if someone had cranked the saturation slider down before the
-
I have 2 Content Sources crawled to URL1 and URL2. While searching in 'Everything' navigation link, I need to have a URL1 refiner on the left that shows only contents from URL1. Can I do that?