dbWatch AS

User integration with Active Directory

The user integration with Active Directory offloads the password verification and storage from the dbWatch Control Center domain controller to Active Directory.

Port openings
To allow the correct communications between the dbWatch Server and the Active Directory server, some firewall openings must be in place. Typically 2 port openings are used when communicating with AD.
Port 389/TCP for unencrypted and TLS connections
Port 636/TCP for SSL connections
Depending on the setup, one or two of these ports must be open.

Mapping the domains

In the configuration directory of Control Center, by default “C:\ProgramData\dbWatchControlCenter\config\”, there is a directory domain and under that one directory for your specific Control Center domain. Example:
bc.. C:\ProgramData\dbWatchControlCenter\config\domain\test.com\
p. In this directory a file, ldap.json must be created to provide a mapping between the Active Directory domain and the Active Directory server. dbWatch Control Center is able to authenticate users for multiple domains.
Example mapping file:

A restart of the Control Center service is necessary to trigger a detection and read of this file.

Creating users

When a new user is then created, the “AUTH MODE” must be set to “Active Directory”:

Mapping the usernames

You must then map the Control Center username, in “USERNAME” to an Active Directory user, “AD USER”. It can be a similar username, but the “AD USER” must provide a domain after the “@”, that corresponds with the domain in the ldap.json mapping file.

Depending on your domain setup it might be necessary to prepend the domain name to the username. This is on the form domainname\username@ldap.json reference
So for the user test in the domain DEMOAD1 this would be DEMOAD1\test@demoload1

Add the credentials

As a normal user, you can then add and modify privileges in Control Center.

Test connection

Once all this is in place you should be able to test the connection. The password will be authenticated against the Active Directory server.

← Creating a user / Managing security groups →

Feedback

Was this helpful?

Yes No
You indicated this topic was not helpful to you ...
Could you please leave a comment telling us why? Thank you!
Thanks for your feedback.

Post your comment on this topic.

Post Comment