1 Reply Latest reply on Apr 7, 2011 12:01 PM by MarieB

    NPM AD Accounts Integration bug & feature request

    mschenck

      Hi,

      I noticed what looks like a bug related to AD AccountIDs.

      Our company uses digits as Users UID in both Single-Sign-On systems and AD, so once declared in NPM AccountID column in Accounts table looks like DOMAINNAME\501xxxx.

      When acknowledging alerts, the AcknowledgedBy column in AlertStatus column looks like DOMAINNAME(1xxxx  - Orion Website.

      Looks like the \50 is interpreted as octal, hence the ( sign...

      More generally, regarding the AD user accounts, i have a couple feature requests:

      1. Allow use of Users Full Name, or best, user defined attribute from AD instead of their domain logon in acknowledgment or audit trails in NPM/NCM. When using digits or non-human readable logins, and with a large user base, its quite difficult to identify who did what...

      3. Change the login page to include a select one input list displaying possible domainnames inherited from AD or user local computer, and fallback to an input textbox if user is not connected to a domain.
      Turns out entering the DOMAINNAME\ prefix is confusing for a lot of users. Maybe strip the domainname from AccountID column and maintain it in an additional column in the Accounts table ?
      This is more like a 'nice feature to have' than a mandatory thing, but that don't seem like a much difficult thing to implement and would IMHO improve user experience.

      Btw, any plan to integrate NPM website with SSO frameworks such as SiteMinder or OpenID ?

      And one last thing: looking at the Accounts table i noticed the password column was filled for AD-enabled users. Is this a dummy value only or you're actually storing the AD password in there ? Not only this might be considered as a potential security issue, but how do you handle password expiration in AD using this method ?

      Thanks & Regards