DPA 6 using Windows Domain Authentication

Hi

Hi Roland

Many thanks for the tips.

I believe the documentation of the product must be improved - I always suffer with DPA regarding its documentation and end up in here for help - what is not a bad thing (i.e. being in here on the forum), however I think EMC should improve the documentation of the product.  (Thumbs down for EMC on this respect - see my other post about Firewall Ports)

We need to use Anonymous Bind because our user names must  change their password very frequently and putting a user on "User Properties" will become unmanageable (i.e. the user password gets changed, authentication on DPA for everybody gets compromised, etc).

Ok, I've managed to get this working for now (more tests needed and I will be doing this very soon):

1) Reason one that it wasn’t working:

The documentation explicitly states, and I quote:

"If you have installed DPA on a UNIX environment and are authenticating to a Microsoft Active Directory LDAP server, you cannot connect to the Windows machine using SSL."

I assume the LINUX installation can be considered as "UNIX" in this context.

However, no matter whatever I’ve put in place on the fields and Anonymous Bind or not, Auto Login or not  it didn’t work.

So, when using/ticking ”Use SSL" , even though we were said that “we cannot connect” from the documentation , that was the ONLY way the Domain Controller (in our environment) accepted the connection (DPA version 6.1.0 Build 81945)

2) The use of  “username or DN of the user”

The user name doesn’t work, it must be the DN - what a pain this is EMC!

But is working (for now!) so I forgive you guys!

3) Auto Login

No need (and for now we are not going to use it anyway)

4) How it works in our environment

As per 3, we will not be using (and I repeat for now) auto login

So, to work properly we add the user locally on DPA with Authentication Type LDAP

ISSUE: the Logon Name doesn’t support the "_" character - that we use a lot around here and matching the "local login" and the DN name became impossible - EMC could you please look at that please?

Example that works for our environment ( DPA 6.1.0 Build 81945 running on Linux 64 bits)

Admin -> User & Security (tab) -> Manage Users -> Create user

Name = John Smith

Logon Name = E123457ADM    -->>> John Domain Name as ADM is  E123457_ADM but "_ " is not permitted in here!

External Name = CN=John Smith,OU=Admin Accounts,OU=Admin,OU=MSP01,DC=xxx,DC=xxxx,DC=xxxx

                          If you are wondering: no the CN= E123457_ADM    doesn’t work

Role = Administrator   ( We need John to be a local Admin on DPA)

Authentication Type = LDAP

The configuration under "Manage External Authentication"

Use LDAP Authentication = ticked

Host Properties

    Server =   x.x.x.x  I've used the IP of the Domain

   Use SSL = ticked

   Port = 636

   LDAP Version = 2

   Base Name=  DC=xxx,DC=xxxx,DC=xxx      (put your domain name in here)

   Idetification Attribute = sAMAccountName

   Anonymous Bind = ticked

   User Properties = all clear

Auto Login Properties

  Enable Auto Login = this is UNTICKED!

When clicking the "Test User" button:

Username = CN=John Smith,OU=Admin Accounts,OU=Admin,OU=MSP01,DC=xxx,DC=xxxx,DC=xxxx
Password = put Johns password in here

I hope this will help when someone is searching on the subject.

Thank you all

Regards,

Marco