Hi, we are helping a user configure their:
1) OpenLDAP server
2) DMA server to communicate to the OpenLDAP server
The management of users, groups and password will all be done on the OpenLDAP server.
So the use cases will be limited to DataMiner being able to authenticate a user against OpenLDAP and determine their groups/permissions based on what groups they belong to in OpenLDAP.
Based on current testing, the current situation is that DMA server does not belong to any Domain (i.e.: defaults to WORKGROUP)
It is observed that it is possible to add groups from OpenLDAP. The result is that domain users belonging to the domain group are also added to DataMiner. It is also observed that 'WORKGROUP' is prefixed to the added domain group and users.
It is understood that if OpenLDAP does not define a domain, DataMiner prefixes 'WORKGROUP'. And when an attempt to authenticate a domain user is done, things fail because the OpenLDAP does not recognize WORKGROUP as a valid domain.
1) Does the above paragraph correctly explain how DataMiner would behave?
2) If it is not possible to create domains in OpenLDAP, are there any other alternatives to make things work between DMA and OpenLDAP?
3) Does DataMiner require the OpenLDAP server to be configured differently if DataMiner is part of a Domain?
Hi Bing,
It is also observed that 'WORKGROUP' is prefixed to the added domain group and users.
DataMiner will prepend the domain of the server before the groups & users, so it's not hardcoded to WORKGROUP specifically. In your case, the server just isn't in a domain.
I think that this could be a software issue because it will likely prevent users from logging in. I verified on 10.0 and there it was also the case, although I seem to remember this was not the case on older versions.