Hi,
i have a similar problem to this question:
Besides AD we also use OpenLDAP. LDAP is configured and accounts can be added via "add existing accounts" under "User / Group" in the Dataminer Cube "system center".
But Accounts of AD and OpenLDAP get AD\ before their username. This shouldn't be added on openLDAP Accounts.
While logging in with an AD user is possible, openLDAP User get prompted with an false user/pw message. (most likely AD\Username is not known in openLDAP)
As the answer on the other dojo question points to a software issue, i would like to know if this is still an known issue. Our dataminer operates on version 10.3.0.0-13297-CU6
What is expected to show in the User / Groups Tab in Dataminer Cube?
I would expect 3 groups of user: Local User, LDAP User & Domain User.
As i currently see that AD and LDAP User get both sorted under Domain User.
BR Thomas
Hi Thomas,
DataMiner only supports one datasource at a time for user and group management, so ActiveDirectory and OpenLDAP are mutually exclusive (*).
Users and groups imported from AD will be prefixed with the domain name of the domain that the DataMiner Agent computer is joined, which is typically the same domain where the users live.
Users imported from any generic LDAP source (AD, OpenLDAP, ...) will also have their username prefixed with the domain that the DataMiner Agent computer is joined in, even if this has no relation to the LDAP data. It is a means to distinguish local users from domain users. The same applies for users that are imported from a forest of multiple domains with a trust relation: the prefix in DataMiner will always show the one from the DataMiner Agent computer even if a users is actually a member of another domain.
If the DataMiner computer is not joined in a Windows domain, the computername will be used as a placeholder domain prefix for the usernames.
(*) There is a unsupported side-effect that allows you to still login with ActiveDirectory users that have been imported before switching to another user and group management datasource, as long as the DataMiner remains joined in that Windows domain.
The user and group management module used by DataMiner is configured in DataMiner.xml
– If nothing is specified, and the DataMiner agent is joined in an Windows domain, the default is ActiveDirectory, which is essentially an implicit <LDAP /> configuration where the hostname is %LOGONSERVER%.
– An <LDAP /> tag will import users and groups from the specified the LDAP source.
https://docs.dataminer.services/user-guide/Advanced_Functionality/Security/Advanced_security_configuration/Configuring_LDAP_settings.html#configuring-ldap-settings-in-dataminer-cube
– A <Crowd /> tag will import users and groups from an Atlassian Crowd server.
https://docs.dataminer.services/user-guide/Advanced_Functionality/Security/Advanced_security_configuration/Configuring_Atlassian_Crowd_settings.html
– An <AzureAD /> tag will import users and groups from Microsoft Entra ID (formerly known as Azure AD)
https://docs.dataminer.services/user-guide/Advanced_Functionality/Security/Advanced_security_configuration/Configuring_SAML/SAML_using_Entra_ID.html?q=entra&tabs=tabid-1tabid-3#configuring-user-provisioning
– An <ExternalAuthentication type=”SAML” /> can be used to automatically import users (and group claims) from a SAML response when SAML is used as authentication method.
https://docs.dataminer.services/user-guide/Advanced_Functionality/Security/Advanced_security_configuration/Configuring_SAML/SAML_using_Entra_ID.html?tabs=tabid-1tabid-3#configuring-automatic-creation-of-users-authenticated-by-entra-id-using-saml
Local users and groups can always be used in combination with one of the above modules.
Being a member of an AD domain does not prohibit the use of a non-AD user and groups datasource.
That makes a bit complicated to integrate dataminer in an existing environment, which uses intern/admin access via AD and an extern/user oriented separated LDAP system. As our dataminer is hosted in a VM, managed by our platform team, we cannot disconnect from the AD.
How do I change which method Dataminer should use?