I want my individual team members to connect to DPA online portal using their individual login accounts (their login account). Can you suggest the steps using that I can achieve the task?
One more question:
Instead of creating an AD group and adding users to it. Is this possible that I just individual users with their user ids and DPA tool can authenticate?
Is this possible. Please suggest.
I want my team mates to use their own login accounts to connect (windows authenticated) to the DPA portal. Now, I will certainly can't use the password. I do not want to set any password for them, instead I want them to use their own password.
Is this possible to set up the accounts accordingly? Now, afterwards if they change the domain ac password, the connection should work using the credntial.
Thoughts/advise? If you have some proper documentation, would help me save my time
Do you have proper steps to do the task? It will be a very common requirement that instead of using a single login ac (say SQL auth) users should use their corporate login accounts and password to connect to the DPA portal.
Will be grateful if you can suggest with clear steps.
The steps are in this KB. DPA user authentication and permissions using LDAP - SolarWinds Worldwide, LLC. Help and Support What isn't clear is what you are asking. bmrad is understanding you to mean the Solarwinds customer portal. When you say DPA portal that is here. Customer Portal Login | SolarWinds
I think you are looking for your users to log in to the DPA web interface with LDAP. This was always done with an edit to the file as the article says for versions of DPA prior to 10.2. 10.2 added a wizard for this so the integration with LDAP and AD could be done in the DPA website. This is where you would enter the information to integrate. The wizard in DPA is found in the following path. Options -> administration tab -> Configure AD/LDAP
Here I will select active directory.
On this screen if you click the link "what information is required to complete the configuration?" you get this screen.
This contains the bullet points you listed before.
I was attempting to explain that this is how the integration works we require in DPA a user that will be used to query your LDAP or AD server preferable with a password that does not expire. From the above KB "Domain Username and Password (aka Manager Account) that DPA will use to query the LDAP server for users and groups." This user will be used going forward to hand off the test for authentication to LDAP / AD . This is as mandevil mentioned.
After this is configured here DPA will ask you to restart the service. On Windows this is called "Ignite PI server". On linux this is simply running the shutdown.sh and startup.sh files.
After restart if you go to options -> Administration tab -> User Administration. You should see new buttons at top.
Clicking add active directory group will let you do so and you can add a group and map it to permissions. Once this is done your users can log in to the DPA interface with their account and if there password changes DPA will have the change as we are simply handing that off to LDAP / AD to check with the Manager account.
If you need more open a support case please.
DPA does integrate with LDAP and AD user groups. The items in the Wizard that you are asking about here.
These are simply items you fill in to the wizard to give DPA one user that is an account that can read the LDAP or AD user groups. After this is done DPA will use this account to query LDAP or AD and you can add the groups of your users and they can use their password as normal. You will need one account filled in the above that we can use to look up if a group exists and what the members of it are. After this account is stored in the DPA file that the wizard saves to with the password encrypted it will be used to check the user groups for your users each time they log in. Hope this helps clarify.
Once you've configured AD and granted access to the AD security group, then it will work exactly like you state.
DPA will NOT be doing the authentication - we'll hand that off to AD to validate authentication using the AD credentials (username/password).
SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community. More than 150,000 members are here to solve problems, share technology and best practices, and directly contribute to our product development process.