Active Directory authentication issue with DCO 8.0.1

DCIM_Support · ‎2020-07-03

I have newly installed DCO 8.0.1 with database import from version 7.5 SP4. I experienced that active directory users have pretty slow login process on the new web client and windows client as well. Can you please investigate this issue? I uploaded client and server log files to the Schneider appbox.

Furthermore I have a confusion with newly implemented AD group authentication in DCO 8.0.1. I can add Active Directory security groups and at that time I should select one AD authentication server. What will happen if that AD auth server will go down? I have possibility to add multiple auth servers but in this case if I have to “assign” one AD auth server it will be a single point of failure.
Another thing is that I have to also add a user from AD even if this user in a security group which added from AD. In this case which access level will be applied? Which has been setup at user level or the other one at group level?

DCIM_Support · ‎2020-07-03

Additional information: when I use DCE as Authentication server it working smoothly. DCE also using Active Directory groups so I guess something implemented in wrong way in DCO 8.0.1

DCIM_Support · ‎2020-07-03

Another question: I created domain local security groups in Active directory which represent different roles in DCO (like DCO_Admins or DCO_Read_Only_Users). I added AD useraccounts to the appropriate AD groups.

After that I added these groups in DCO and setup the relevent rights (like DCO_Read_Only users are granted Global View right).

Unfortunately users are not able to login even if they have AD group membership. I had to add users manually in DCO > Administration > Users section by selecting an Authentication Server. If did not granted any access level at user section they were not able to access anything even if the AD group provided sufficient privilages (e.g. DCO_Read_Only_Users to view equipment)

This is the way how it should work? Why I have to add "twice" the users. One time in DCO > Administration > Users and in the same time add into AD group?

DCIM_Support · ‎2020-07-03

Hi Mate,

Many thanks for the off-line meting yesterday - just a short note to share here that your kindly provided data/logs (including the updated log set from yesterday) is & will be used for further investigations.

As we discussed, in the current version user will be authenticated against the configured authentication server, but your points and comments have been noted for possible future plans, thanks.

Kind regards

DCIM_Support · ‎2020-07-03

Hi Jef,

I have a customer that is also trying to set up AD Groups in DCO 8.0.1. However it only works when the individual users are added as well. If I'm reading this thread correctly, does the AD Group control permissions/rights, but the individual AD Users still also need to be added?

Feel free to contact me offline, I can also provide additional logs if needed. Thanks in advance.

DCIM_Support · ‎2020-07-03

This question is closed for comments. You're welcome to start a new topic if you have further comments on this issue.