Hi,
We would use Active Directory or OpenLDAP to retrieve and authenticate users and groups using external authentication on AD or OpenLDAP.
Currently, the DMA servers (OS) are not part of an AD.
We conducted some tests with OpenLDAP in 2023. Although we were able to browse users and groups on OpenLDAP, we were unable to authenticate the users.
I would like to pose the following query:
Have any improvements been made to LDAP integration to enable OpenLDAP to be used as an external authenticator?
Could we configure DMA to authenticate against Active Directory when DMA is not part of an AD domain?
Thank you for your help.
Jerome
Hi Jerome,
Yes, it is possible to authenticate against AD when the DMA is not joined to the domain. The configuration is a bit different, but that is documented here:
Configuring LDAP settings | DataMiner Docs
It should also be possible to use OpenLDAP, so not sure what went wrong in your tests in 2023... I'm not aware that much has been changed to this in the meantime.
I would, however, recommend also taking a look at whether you could use modern authentication instead and use SAML to authenticate against e.g. Azure Entra ID or OKTA. More info can be found here: Configuring SAML settings | DataMiner Docs. When using this type of authentication, you leverage goodies like MFA and all kinds of identity protection features in those identity providers. Nowadays, this is the recommended authentication method.
Bert
Hi Bert,
Thank you for your prompt response. It's good news.
I'm also sharing by email the result of the LDAP tests in 2023.
Regarding SAML, that would suit us perfectly, but we already use a SAML configuration to provide access to dashboards. So we would need to use another IDP for Cube access, or perhaps IDP chaining?
Is it already used elsewhere? Or even already documented?
Regards
Jerome