Integration Steps

Author: [email protected]

Password Manager supports integration with multiple Microsoft Active Directory domains from a single implementation. Configuration is done in the Password Manager Administration Client, which is part of the Password Manager Backend Server. Communication with the Active Directory infrastructure goes through the Password Manager Gateway Server and uses LDAP v3, in either secure mode or SSL mode. Secure mode is the mode Microsoft Active Directory itself uses internally for synchronizing passwords between Domain Controllers. Password Manager requires the following parameters to be configured in order to access a Microsoft Active Directory domain.

Domain Name
    The fully qualified DNS name of the domain, for example mycorporation.com.

Domain Alias
    A label, typically the same as the NetBIOS name of the domain, which is what desktop login screens display.

Connection Mode
    The connection mode used for the communication. Microsoft Active Directory offers the modes normal, secure and SSL, but Password Manager supports only secure and SSL mode. Secure mode uses Kerberos for authentication and therefore depends on normal domain communication between the Password Manager Gateway Server and the Domain Controller, in addition to LDAP on port 389 (TCP). SSL mode requires a certificate to be installed on the Domain Controller, which is not a trivial task, but has the advantage that it only requires communication on port 636 (TCP) between the Password Manager Gateway Server and the Domain Controller.

Domain Account Name
    The name of the account that has privileges to read user attributes and to reset passwords.

Domain Account Password
    The password of the account specified above.

To provide higher fault tolerance, Password Manager can be configured to access multiple Domain Controllers in the same domain, each reached from a possibly different Password Manager Gateway Server. The following information must be configured for each connection to the domain.

Domain Controller
    The fully qualified hostname or IP address of a Domain Controller. If SSL mode is to be used for the communication, the fully qualified hostname is required.

Gateway Server
    The Password Manager Gateway Server from which connections to the specified Domain Controller originate.
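The following is an added example, not the product's own code, that checks a domain configuration against the rules above (only secure and SSL mode are accepted, SSL mode needs a hostname rather than an IP address, every Domain Controller is paired with a Gateway Server) and derives the LDAP endpoint, port and authentication each Gateway Server would use. The DomainConfig field names and the plan dictionary layout are assumptions; the Kerberos realm is taken to be the DNS domain name in upper case and the Domain Controller's LDAP SPN to be ldap/<fqdn>, as is standard in Active Directory.

```python
import ipaddress
from dataclasses import dataclass, field

# The two modes the page says Password Manager supports; the AD 'normal'
# mode (plain LDAP simple bind) is absent on purpose and is rejected.
SUPPORTED_MODES = {"secure": 389, "ssl": 636}

@dataclass
class DomainConfig:                       # field names are assumptions
    domain_name: str                      # e.g. mycorporation.com
    domain_alias: str                     # NetBIOS-style label shown at login
    connection_mode: str                  # 'secure' or 'ssl'
    account_name: str                     # reads attributes, resets passwords
    account_password: str = field(repr=False)         # kept out of repr()/logs
    connections: list = field(default_factory=list)   # (domain_controller, gateway)

def _is_ip(host: str) -> bool:
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def plan_connections(cfg: DomainConfig) -> list:
    """Validate cfg and return one connection plan per (DC, Gateway) pair."""
    mode = cfg.connection_mode.lower()
    if mode not in SUPPORTED_MODES:
        raise ValueError(f"unsupported connection mode {cfg.connection_mode!r}")
    if not cfg.connections:
        raise ValueError("at least one Domain Controller/Gateway pair is required")
    port = SUPPORTED_MODES[mode]
    realm = cfg.domain_name.upper()       # Kerberos realm = DNS name upper-cased
    plans = []
    for dc, gateway in cfg.connections:
        if mode == "ssl" and _is_ip(dc):
            # LDAPS checks the DC certificate against its name, so an IP cannot be used
            raise ValueError(f"SSL mode requires the DC's fully qualified hostname, got {dc}")
        plan = {"gateway": gateway, "domain_controller": dc, "port": port,
                "firewall": f"{gateway} -> {dc} TCP/{port}"}
        if mode == "ssl":
            plan["url"] = f"ldaps://{dc}:{port}"
            plan["auth"] = f"simple bind as {cfg.domain_alias}\\{cfg.account_name} inside TLS"
            plan["prerequisite"] = "server certificate installed on the Domain Controller"
        else:
            plan["url"] = f"ldap://{dc}:{port}"
            plan["auth"] = f"Kerberos (GSSAPI) as {cfg.account_name}@{realm}, SPN ldap/{dc}@{realm}"
            plan["prerequisite"] = "normal domain (Kerberos) communication from the Gateway"
        plans.append(plan)
    return plans
```

The "firewall" entry of each plan is the single rule that connection needs between Gateway Server and Domain Controller, which is useful when reviewing the network path before going live.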

All parameters are stored in the Password Manager Data Storage (ADAM), and sensitive information such as the account name and password is stored with strong encryption. The next section explains in detail the LDAP operations performed against Microsoft Active Directory and the privileges the Domain Account requires in order to perform them.