The user integration with Active Directory offloads the password verification and storage from the dbWatch Control Center domain controller to Active Directory.
To allow the correct communications between the dbWatch Server and the Active Directory server, some firewall openings must be in place. Typically 2 port openings are used when communicating with AD.
Port 389/TCP for unencrypted and TLS connections
Port 636/TCP for SSL connections
Depending on the setup, one or two of these ports must be open.
Mapping the domains
In the configuration directory of Control Center, by default “C:\ProgramData\dbWatchControlCenter\config\”, there is a directory domain and under that one directory for your specific Control Center domain. Example:
p. In this directory a file, ldap.json must be created to provide a mapping between the Active Directory domain and the Active Directory server. dbWatch Control Center is able to authenticate users for multiple domains.
Example mapping file:
A restart of the Control Center service is necessary to trigger a detection and read of this file.
When a new user is then created, the “AUTH MODE” must be set to “Active Directory”:
Mapping the usernames
You must then map the Control Center username, in “USERNAME” to an Active Directory user, “AD USER”. It can be a similar username, but the “AD USER” must provide a domain after the “@”, that corresponds with the domain in the ldap.json mapping file.
Add the credentials
As a normal user, you can then add and modify privileges in Control Center.
Once all this is in place you should be able to test the connection. The password will be authenticated against the Active Directory server.