Updated August 1st, 2016
To use AD or LDAP user authentication in DPA:
Enter the domain name.
SolarWinds recommends using a domain name, not the name of a specific domain controller.
If your domain users authenticate from a different domain other than the domain specified here, you must connect to the global catalog ports 3268 or 3269. The domain users must belong to a universal group, and that universal group must be added under Options > Administration > User Administration.
Select the port number.
If you use a unique port, select Other non-standard port. Enter the port number, and select SSL if required.
DPA uses this user to search the directory service for users and groups.
For the AD user name, use one of the following formats:
For the LDAP user name, use the following format:
If you use an SSL port and the verification fails, DPA must import its certificate. Click Yes on the confirmation window to try again.
SolarWinds recommends selecting the default, so DPA uses the detected base DN from the previous step.
Example of default base DN:
You may use a value other than the default base DN. For example: You use a global catalog that supports multiple domains, and you want to broaden the scope of the search.
Example for multiple domains:
If this is your first time using this wizard, do not use the advanced settings.
Only use advanced settings if you completed this wizard and you experience slow domain user logins or group searches.
Set the User Search Base value if domain user logins take a long time.
If your company has one domain, specify the location in the directory tree that contains all of the domain users that will use SolarWinds DPA.
If you do not know what to put here, ask the domain administrator of your company the following questions:
"What folder, or organization unit (OU), in the directory tree of the domain contains all of the users? I must specify a search base for users. What is the distinguished name of the folder?"
cn=users OR ou=users
Set the Group Search Base value if domain group searches in User Administration take a long time.
Specify the location in the directory tree that contains all of the groups to which SolarWinds DPA users belong.
If your company has multiple domains, you can enter the group search bases individually. After you add groups to SolarWinds DPA using the group search base from one domain, update this wizard to specify a group search base in another domain.
If you do not know what to put here, ask your the domain administrator of your company the following:
"What folder, or organization unit (OU), in the directory tree of the domain contains all of the groups? I must specify a search base for groups. What is the distinguished name of the folder?"
cn=groups OR ou=groups
Confirm the information for configuring DPA with your directory service, and click Finish.
You must restart the DPA server for the settings to take effect.
After you have set up DPA to use Active Directory or LDAP, do the following:
DPA does not support single sign-on (SSO) for individual accounts. It only supports AD or LDAP groups.
All domain users in the selected group can log in to DPA using their domain credentials. The users have the privileges you set up for the group in DPA.
You can add multiple AD or LDAP groups in DPA. If a domain user is a member of more than one group, DPA grants them the combined privileges from all of their groups.
When you enter the domain user name and password in the DPA login screen, DPA searches your directory service for a matching user name, and then authenticates using the password. If the domain user belongs to one of the groups that you configured as a DPA custom user, the login succeeds.
DPA supports three types of login name formats for Active Directory:
The user name used by DPA is the LDAP user object