Issue with IDCE as authentication server in ITA

Dear Jef Faridi,

From your answer:

It is supported to integrate DCE as authentication server in DCO/ITA.

Tell me please, somewhere in the documentation on DCE it is said about such a possibility?

The DCIM community will be grateful if you indicate where is located the detailed description of this possibility (in the documentation or on the DCIM portal).

Very thanks for the support.

(CID:152571206)

There is a mention to this functionality in the DCO documentation here: https://sxwhelpcenter.ecostruxureit.com/display/UADCO8x/Configuring+authentication+servers+used+for+...

(CID:152571231)

Greg Sterling, thanks for the info.

If possible, briefly tell us which authentication mechanism is used in this case (via DCE)?

In addition, I drew attention to this:

Indirect AD authentication (via DCE) is not recommended.

Can you comment please?

Very thanks for the support.

(CID:152571236)

Hi Jef,

I'm running the same version as you:

ITA 9.0.4 & DCE 7.7.1

Regards,

Eduard

(CID:152571246)

spezialist, this mechanism was implemented in early DCO versions. At that moment DCO had no AD authentication feature, but it was in DCE. So you create remote user in DCE which authenticated via AD. And after that create user in DCO which autenticated in DCE.

And when you try to login into DCO, it call DCE, which call AD and in the end of the journey user is athenticated by AD 🙂

(CID:153092177)

Hi all,

Many thanks for the info Eduard. Issue might basically be related to the latest improvement in DCE itself, however as mentioned I have logged an investigation/enhancement case for this.

And to clarify:

In ITA (or DCO) when configuring authentication servers, the supported types are:

Active Directory

Data Center Expert

LDAP

This type of authentication has been (and still is) supported since early DCO versions.

The scenario Valentin you are describing may or may not work, but that is not supported in ITA (or DCO). User(s) must be local to DCE, when DCE is being used as authentication server.

 Kind regards

(CID:153092189)

Valentin Kozlov and Jef Faridi,

Many thanks for the useful information.

It seems to me, that this detailed information should be published on the DCIM portal in both the DCO and DCE support sections.

With respect.

(CID:153092195)

Hi,

This feature is being used in DCO/ITA, for more info please see the following page:

https://sxwhelpcenter.ecostruxureit.com/display/UADCO8x/Configuring+authentication+servers+used+for+...

Kind regards

(CID:153092198)

Jef Faridi,

I know this and this is good, but it does not say about the restriction that you wrote about:

The scenario Valentin you are describing may or may not work, but that is not supported in ITA (or DCO). User(s) must be local to DCE, when DCE is being used as authentication server.

I think this is an important nuance.

With respect.

(CID:153092201)

Hi,

The documentation (in the above mentioned web page) says "Indirect AD authentication (via DCE) is not recommended."

But, thanks for the suggestion, will add additional note to make it more clear.

Kind regards 

(CID:153092207)

Ok, many thanks for the clarification.

(CID:153092213)