This comment was originally posted on DCIM Support by spezialist on 2019-12-19

Dear Jef Faridi,

From your answer:

It is supported to integrate DCE as authentication server in DCO/ITA.

Tell me please, somewhere in the documentation on DCE it is said about such a possibility?

The DCIM community will be grateful if you indicate where is located the detailed description of this possibility (in the documentation or on the DCIM portal).

Very thanks for the support.

(CID:152571206)

This comment was originally posted on DCIM Support by Greg Sterling on 2019-12-19

There is a mention to this functionality in the DCO documentation here: https://sxwhelpcenter.ecostruxureit.com/display/UADCO8x/Configuring+authentication+servers+used+for+...

(CID:152571231)

This comment was originally posted on DCIM Support by spezialist on 2019-12-19

Greg Sterling, thanks for the info.

If possible, briefly tell us which authentication mechanism is used in this case (via DCE)?

In addition, I drew attention to this:

Indirect AD authentication (via DCE) is not recommended.

Can you comment please?

Very thanks for the support.

(CID:152571236)

This comment was originally posted on DCIM Support by Everard Eduard on 2019-12-19

Hi Jef,

I'm running the same version as you:

ITA 9.0.4 & DCE 7.7.1

Regards,

Eduard

(CID:152571246)

This comment was originally posted on DCIM Support by Valentin Kozlov on 2019-12-20

spezialist, this mechanism was implemented in early DCO versions. At that moment DCO had no AD authentication feature, but it was in DCE. So you create remote user in DCE which authenticated via AD. And after that create user in DCO which autenticated in DCE.

And when you try to login into DCO, it call DCE, which call AD and in the end of the journey user is athenticated by AD 🙂

(CID:153092177)

This comment was originally posted on DCIM Support by Jef Faridi on 2019-12-20

Hi all,

Many thanks for the info Eduard. Issue might basically be related to the latest improvement in DCE itself, however as mentioned I have logged an investigation/enhancement case for this.

And to clarify:

In ITA (or DCO) when configuring authentication servers, the supported types are:

Active Directory

Data Center Expert

LDAP

This type of authentication has been (and still is) supported since early DCO versions.

The scenario Valentin you are describing may or may not work, but that is not supported in ITA (or DCO). User(s) must be local to DCE, when DCE is being used as authentication server.

 Kind regards

(CID:153092189)

This comment was originally posted on DCIM Support by spezialist on 2019-12-20

Valentin Kozlov and Jef Faridi,

Many thanks for the useful information.

It seems to me, that this detailed information should be published on the DCIM portal in both the DCO and DCE support sections.

With respect.

(CID:153092195)

This comment was originally posted on DCIM Support by Jef Faridi on 2019-12-20

Hi,

This feature is being used in DCO/ITA, for more info please see the following page:

https://sxwhelpcenter.ecostruxureit.com/display/UADCO8x/Configuring+authentication+servers+used+for+...

Kind regards

(CID:153092198)

This comment was originally posted on DCIM Support by spezialist on 2019-12-20

Jef Faridi,

I know this and this is good, but it does not say about the restriction that you wrote about:

The scenario Valentin you are describing may or may not work, but that is not supported in ITA (or DCO). User(s) must be local to DCE, when DCE is being used as authentication server.

I think this is an important nuance.

With respect.

(CID:153092201)

This comment was originally posted on DCIM Support by Jef Faridi on 2019-12-20

Hi,

The documentation (in the above mentioned web page) says "Indirect AD authentication (via DCE) is not recommended."

But, thanks for the suggestion, will add additional note to make it more clear.

Kind regards 

(CID:153092207)

This comment was originally posted on DCIM Support by spezialist on 2019-12-20

Ok, many thanks for the clarification.

(CID:153092213)