Integration Steps

Author: [email protected]

Password Manager supports easy integration with multiple Microsoft Active Directories from a single implementation. The configuration is done from the Password Manager Administration Client, which is implemented as part of the Password Manager Backend Server. The communication with the Active Directory infrastructure is done from the Password Manager Gateway Server.

The integration uses LDAP v3 communication, which can be configured to use either Secure mode or SSL mode. Secure mode is the default mode and the one used by Microsoft Active Directory internally for synchronizing passwords between Domain Controllers.

Password Manager requires the following parameters to be configured in order to access a Microsoft Active Directory Domain.

| Parameter | Description |
|---|---|
| Domain Names | The fully qualified domain name of the domain, such as mycorporation.com. |
| Domain Alias | A label, typically the same as the NetBIOS name for the domain, which is what is shown in desktop login interfaces. |
| LDAP Base DN | The distinguished name (DN) to use as the offset in the LDAP tree structure. This can point to an Organizational Unit (OU), as in OU=Employees,DC=mycorporation,DC=com, or to the root node, as in DC=mycorporation,DC=com. |
| Connection Mode | The connection mode to use for the communication. Microsoft Active Directory offers the modes normal, secure and SSL, but Password Manager only supports Secure and SSL mode. Secure mode uses Kerberos for the authentication, which depends on normal domain communication from the Password Manager Gateway Server to the Domain Controller in addition to communication on port 389 (TCP). SSL mode requires a certificate to be implemented on the Domain Controller, which is not a trivial task, but as an advantage it only requires communication on port 636 (TCP) from the Password Manager Gateway Server to the Domain Controller. |
| Domain Account Name | The name of the account with privileges to read user attributes and to reset passwords. |
| Domain Account Password | The password for the account specified. |

To support higher fault tolerance, Password Manager can be configured to access multiple domain controllers in the same domain, possibly with different Password Manager Gateway Servers as the offset. To configure it in this way, the following information must be configured for each connection to the Domain.

| Parameter | Description |
|---|---|
| Domain Controller | The fully qualified hostname or IP address of a domain controller. If SSL mode is desired for the communication, the fully qualified hostname is required. |
| Gateway Server | The Password Manager Gateway to use as the offset for the specified Domain Controller. |

All parameters are stored in the Password Manager Data Storage (ADAM), and sensitive information such as the account name and password is stored with strong encryption. This information must be configured for each connection to the Domain.
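
The parameter rules described above (supported modes and their ports, a Base DN inside the domain, a fully qualified hostname for SSL mode), written as a pre-flight check for one connection entry. This is an added example, not Password Manager code; the function names and sample values are constructed, and it assumes simple DNs without escaped commas.

```python
import ipaddress

# Ports per supported mode, as given on this page; "normal" is not supported.
MODE_PORTS = {"secure": 389, "ssl": 636}

def domain_to_dn(domain):
    """mycorporation.com -> DC=mycorporation,DC=com"""
    return ",".join("DC=" + label for label in domain.strip(".").split("."))

def is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def validate_connection(domain, base_dn, mode, domain_controller):
    """Hypothetical helper: return (tcp_port, problems) for one connection entry."""
    problems = []
    mode = mode.strip().lower()
    port = MODE_PORTS.get(mode)
    if port is None:
        problems.append(f"mode {mode!r} is not supported; use secure or ssl")
    # The Base DN must be the domain root or a node (such as an OU) below it.
    # Assumption: simple DNs with no escaped commas inside attribute values.
    root = domain_to_dn(domain).lower()
    dn = ",".join(p.strip() for p in base_dn.split(",")).lower()
    if dn != root and not dn.endswith("," + root):
        problems.append(f"base DN {base_dn!r} is outside {domain}")
    # SSL mode needs the fully qualified hostname, not an IP or short name.
    if mode == "ssl" and (is_ip(domain_controller) or "." not in domain_controller):
        problems.append(f"SSL mode requires an FQDN, got {domain_controller!r}")
    return port, problems

if __name__ == "__main__":
    # Constructed sample entries, not taken from a real deployment.
    entries = [
        ("mycorporation.com", "OU=Employees,DC=mycorporation,DC=com", "SSL", "dc01.mycorporation.com"),
        ("mycorporation.com", "DC=mycorporation,DC=com", "secure", "10.0.0.5"),
        ("mycorporation.com", "OU=Staff,DC=example,DC=org", "normal", "10.0.0.5"),
        ("mycorporation.com", "DC=mycorporation,DC=com", "ssl", "10.0.0.5"),
    ]
    for entry in entries:
        print(entry[2], entry[3], "->", validate_connection(*entry))
```

The returned port is the one that must be open from the Password Manager Gateway Server to the Domain Controller for that mode; Secure mode additionally depends on normal domain communication for Kerberos.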