Magnuj
1 Copper

Hi, I am trying to set up LDAP on DPA v 6.2.3 and it will not validate.

Does anyone have examples of setting up LDAP on DPA 6.2.3?

I have the admin guide but it is not very clear on the inputs.

Thanks,

John

0 Kudos
1 Solution

Accepted Solutions
umichklewis
4 Tellurium

Re: Hi, I am trying to set up LDAP on DPA v 6.2.3 and it will not validate.

I've been using LDAP on DPA since 5.5.  I'm on DPA 6.2.3 Build 99512:

2016-09-21 13_48_53-Data Protection Advisor.png

The server field should have the FQDN of the DC or LDAP server you wish to authenticate against.

If you're using SSL with Windows AD, you'll want Port 636.  We use LDAP v2, as our DCs are Windows Server 2012 with 2012 Domain functionality.

Base Name should be in the form "DC=<my realm>,DC=<.com, .net, etc.>".

We don't allow anonymous binding to AD, so I skip the next check box and specify the name of my authenticating account.  In my case, the user is "LDAP Credential", which is listed in AD as "CN=LDAP Credential,OU=Administrative,OU=Basic Accounts,OU=Service Accounts,OU=Storage,etc.etc,DC=<my realm>,DC=<.net, .com, etc.>".

If you can get your user account entered as such, you should be able to validate, as long as your password is right.

If you can't authenticate, I'd double-check the password, then ensure the account isn't locked and doesn't have any other limitation set on it.  For the longest time, our AD admins kept applying a GPO that expired the password every 100 days, even though our password expiration is nowhere near that.  Once we removed the offending GPO, I haven't had a problem since.

Let us know if that helps!

Karl

0 Kudos
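
An added example (not part of the posts above and not DPA's own validation logic): a pre-flight check of the form values described in the accepted answer, which catches a login name entered where the full bind DN is expected. The hostnames and DNs are constructed, and the CN-first and DC-only rules are assumptions taken from the layout in the answer.

```python
import re

# Split on commas that are not backslash-escaped (simplified RFC 4514 handling).
_SPLIT = re.compile(r'(?<!\\),')
_RDN = re.compile(r'^\s*([A-Za-z][A-Za-z0-9-]*)\s*=\s*(.+?)\s*$')

def parse_dn(dn):
    """Return [(ATTR, value), ...]; raise ValueError if dn is not a DN."""
    if not dn or not dn.strip():
        raise ValueError("empty DN")
    rdns = []
    for part in _SPLIT.split(dn):
        m = _RDN.match(part)
        if not m:
            raise ValueError("not an attr=value component: %r" % part.strip())
        # Normalise case so the suffix comparison below is case-insensitive.
        rdns.append((m.group(1).upper(), m.group(2).lower()))
    return rdns

def check_settings(server, port, use_ssl, base_name, bind_dn):
    """Return a list of problems in the LDAP form values (empty list = OK)."""
    problems = []
    if "." not in server or re.fullmatch(r'[\d.]+', server):
        problems.append("server should be an FQDN, not a short name or IP")
    if use_ssl != (port == 636):
        problems.append("port 636 and the SSL setting should go together")
    base = None
    try:
        base = parse_dn(base_name)
        if any(attr != "DC" for attr, _ in base):
            problems.append("base name should contain only DC= components")
    except ValueError as e:
        problems.append("base name: %s" % e)
    try:
        bind = parse_dn(bind_dn)
        if bind[0][0] != "CN":
            problems.append("bind DN should start with the account's CN=")
        if base and bind[-len(base):] != base:
            problems.append("bind DN does not end with the base name")
    except ValueError as e:
        problems.append("bind DN: %s (use the full DN, not a login name)" % e)
    return problems

if __name__ == "__main__":
    # Constructed sample values, not taken from any real environment.
    print(check_settings("dc01.example.com", 636, True, "DC=example,DC=com",
                         "CN=LDAP Credential,OU=Storage,DC=example,DC=com"))
```
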