Updated July 5, 2016
You can configure DPA with your company's directory service by clicking Options > Administration > Configure AD/LDAP.
If you configure DPA to communicate over SSL with the AD/LDAP server, and the certificate provided by the server is not trusted by DPA, the configuration wizard offers to import the root certificate authority (CA) certificate or the server certificate as trusted:
Import the root CA certificate if you have multiple AD/LDAP servers in your domain, and DPA is configured to connect to the domain, rather than to a specific server. If you import the server certificate in this scenario, DPA can only establish SSL connections with one of your LDAP servers. Subsequent logins to DPA with LDAP accounts may seem to intermittently fail.
DPA attempts to resolve the root CA certificate by analyzing certificates provided in the SSL handshake with the AD/LDAP server. If the root CA certificate is not present, DPA issues an LDAP query to the LDAP server using the credentials specified in the wizard. The query searches for objects with the
You can configure the query parameters with the following properties in the
You must restart DPA for the new property values to take effect.
You can import certificates manually into the custom DPA trust store. See these articles for more information: