How to create domain user account to DPA

DPA 10.2 has an AD/LDAP wizard.  Check out more info here: Configure Active Directory or LDAP - SolarWinds Worldwide, LLC. Help and Support

Question:

I want my team mates to use their own login accounts to connect (windows authenticated) to the DPA portal. Now, I will certainly can't use the password. I do not want to set any password for them, instead I want them to use their own password.

Is this possible to set up the accounts accordingly? Now, afterwards if they change the domain ac password, the connection should work using the credntial.

Thoughts/advise? If you have some proper documentation, would help me save my time

• User: The domain user DPA uses to query the directory for users and groups
• Password: The password of the domain user, preferably one that does not expire

any advise?

Once you've configured AD and granted access to the AD security group, then it will work exactly like you state.

DPA will NOT be doing the authentication - we'll hand that off to AD to validate authentication using the AD credentials (username/password).

DPA does integrate with LDAP and AD  user groups. The items in the Wizard that you are asking about here.

• User: The domain user DPA uses to query the directory for users and groups
• Password: The password of the domain user, preferably one that does not expire

These are simply items you fill in to the wizard to give DPA one user that is an account that can read the LDAP or AD user groups. After this is done DPA will use this account to query LDAP or AD and you can add the groups of your users and they can use their password as normal.   You will need one account filled in the above that we can use to look up if a group exists and what the members of it are. After this account is stored in the DPA file that the wizard saves to with the password encrypted it will be used to check the user groups for your users each time they log in. Hope this helps clarify.

We don't have integration of external AD/LDAP servers to the SolarWinds customer portal.  Each user will need their own login for the customer portal.

Hi Jamin/Brad,

Do you have proper steps to do the task? It will be a very common requirement that instead of using a single login ac (say SQL auth) users should use their corporate login accounts and password to connect to the DPA portal.

Will be grateful if you can suggest with clear steps.

The steps are in this KB. DPA user authentication and permissions using LDAP - SolarWinds Worldwide, LLC. Help and Support  What isn't clear is what you are asking. bmrad​ is understanding you to mean the Solarwinds customer portal. When you say DPA portal that is here. Customer Portal Login | SolarWinds

I think you are looking for your users to log in to the DPA web interface with LDAP. This was always done with an edit to the file as the article says for versions of  DPA  prior to 10.2. 10.2 added a wizard for this so the integration with LDAP and AD could be done in the DPA website. This is where you would enter the information to integrate. The wizard in DPA is found in the following path. Options -> administration tab -> Configure AD/LDAP

Here I will select active directory.

On this screen if you click the link "what information is required to complete the configuration?" you get this screen.

This contains the bullet points you listed before.

• User: The domain user DPA uses to query the directory for users and groups
• Password: The password of the domain user, preferably one that does not expire

I was attempting to explain that this is how the integration works we require in DPA a user that will be used to query your LDAP or AD server preferable with a password that does not expire. From the above KB "Domain Username and Password (aka Manager Account) that DPA will use to query the LDAP server for users and groups."  This user will be used going forward to hand off the test for authentication to  LDAP / AD . This is as mandevil​ mentioned.

After this is configured here DPA will ask you to restart the service. On Windows this is called "Ignite PI server". On linux this is simply running the shutdown.sh and startup.sh files.

After restart if you go to options -> Administration tab -> User Administration. You should see new buttons at top.

Clicking add active directory group will let you do so and you can add a group and map it to permissions. Once this is done your users can log in to the DPA interface with their account and if there password changes DPA will have the change as we are simply handing that off to LDAP / AD to check with the Manager account.

If you need more open a support case please.

Hi,

When I say customer portal ... I am talking about this page./URL.

I am trying to get my users connected via Active directory not via LDAP.