DPA: Active Directory or LDAP Integration with Data Protection Advisor

DPA supports Microsoft Active Directory and OpenLDAP as LDAP servers. If you have installed DPA on a UNIX environment and are authenticating to a Microsoft Active Directory LDAP server, you cannot connect to the Windows computer using SSL.

The first information required is to get details from the LDAP/AD server. Run below command on your LDAP/AD server:

dsquery user -name "admin.user1"

where admin.user1 is logon name.

Output:
CN=admin.user1,OU=PS ADMINISTRATORS,OU=EMC USERS,DC=example,DC=emc,DC=com
 
This procedure is to validate authentication and group mapping automatically:

1. Go to Admin > Users & Security > Manage External Authentication.
2. Verify or type the following values in the User fields:

• Use LDAP Authentication: selected
• Server: example.emc.com
• Use SSL: selected (optional)
• Port: 686 (389 for Non-SSL)
• LDAP Version: 3 (DPA supports version 2 and 3)
• Base Name: DC=example,DC=emc,DC=com
• Identification Attribute: samaccountname (sAMAccountName for Active Directory integration or uid for LDAP)
• Anonymous Bind: unselected
• Username: CN=admin.user1,OU=PS ADMINISTRATORS,OU=EMC USERS,DC=example,DC=emc,DC=com (Ensure that you copy whole output of dsquery command above)
• Password: <admin.user1_password>

3. Click Validate to verify the LDAP authentication.

Note: The sAMAccountName is attribute name.

4. Check Enable Auto Login and select Role. In this example Administrator is selected.
5. Check Enable Group Mapping and verify or type the following values:

• Group Base: OU=PS ADMINISTRATORS,OU=EMC USERS,DC=example,DC=emc,DC=com (Ensure that you copy whole output of dsquery command above)
• Group Attribute: samaccountname (This attribute is typically either CN or sAMAccountName for Active Directory or uid for LDAP)
• Group Member Attribute: member (member for Active Directory or memberUid for LDAP)

6. Group Mapping. In this case, DPA_Admins group created in the domain controller. Click Add:

                      LDAP Group Name: DPA_Admins
                      Role: Administrator

7. Click Test user to verify the LDAP binding (optional)

• Use the following username and password:

                           Username: admin.user1
                      Password: <admin.user1_password>

8. Close