Hello, I am new to CA, but I know we currently use both AD and CA Directories. I am wondering, is there a way that we can have the CA directory pull AD account information? Right now it’s a pain with 2 user data sources. Thanks!
CA Directory has a feature referred to as DXlink. This feature allows CA Directory to include AD instances in the directory information tree they service.
This can be achieved by adding a new router DSA instance and configuring a reference to AD.
For example, if we have an AD user store with prefix "ou=Users,dc=ca,dc=com" and a CA Directory user store with prefix "ou=Users,o=CA,c=US", a router can be configured at prefix "o=CA,c=US" as such:
prefix = <c US><o CA>
prefix = <c US><o CA><ou Users>
AD knowledge (virtual reference)
prefix = <c US><o CA><ou ADUsers>
native-prefix = <dc com><dc ca><ou Users>
link-flags = dsp-ldap
CA Directory will then map users from AD into its own directory information tree.
There are a few more options depending on your use case and if encryption is required, which can be a little bit tricky to configure initially. But in answer to your question, yes, this is possible and a common requirement. A special AD user may need to be configured (ldap-dsa-name/ldap-dsa-password) to allow CA Directory authenticated users access to AD. For AD authenticated users, CA Directory can trust them and they are authenticated by AD using pass-through authentication.
Please see the CA Directory Administration Guide -> Chapter 6: Set Up Distribution and Routing -> Connect To Other LDAP Servers for more information.
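To make the prefix / native-prefix mapping in the answer above concrete, here is an added Python illustration (not CA Directory code and not part of the original reply) that decides which subtree a DN falls under and rewrites it to the DN the backend would see. The DSA labels `local-users` and `ad-link` are hypothetical, and case-insensitive matching of RDN values is an assumption.

```python
# Added illustration only; prefixes come from the post, DSA labels are hypothetical.
KNOWLEDGE = [
    {"dsa": "local-users", "prefix": "ou=Users,o=CA,c=US", "native": None},
    {"dsa": "ad-link", "prefix": "ou=ADUsers,o=CA,c=US",
     "native": "ou=Users,dc=ca,dc=com"},  # native-prefix as AD names it
]

def parse_dn(dn):
    """Split a DN into (attr, value) RDNs, keeping backslash-escaped commas."""
    parts, cur, esc = [], "", False
    for ch in dn:
        if esc:
            cur, esc = cur + ch, False
        elif ch == "\\":
            cur, esc = cur + ch, True
        elif ch == ",":
            parts.append(cur)
            cur = ""
        else:
            cur += ch
    parts.append(cur)
    rdns = []
    for part in parts:
        attr, _, val = part.strip().partition("=")
        rdns.append((attr.strip().lower(), val.strip()))
    return rdns

def _keys(rdns):
    # Assumption: attribute types and values compare case-insensitively.
    return [(a, v.lower()) for a, v in rdns]

def format_dn(rdns):
    return ",".join(f"{a}={v}" for a, v in rdns)

def route(dn):
    """Return (dsa, dn_seen_by_backend), or (None, None) if no subtree matches."""
    rdns, best = parse_dn(dn), None
    for k in KNOWLEDGE:
        p = parse_dn(k["prefix"])
        if len(rdns) >= len(p) and _keys(rdns[-len(p):]) == _keys(p):
            if best is None or len(p) > best[1]:  # longest matching prefix wins
                best = (k, len(p))
    if best is None:
        return None, None
    k, n = best
    if k["native"] is None:
        return k["dsa"], dn  # served locally, no rewrite
    # Swap the directory-side prefix for the backend's native prefix.
    return k["dsa"], format_dn(rdns[:-n] + parse_dn(k["native"]))

if __name__ == "__main__":
    for sample in ("cn=jdoe,ou=ADUsers,o=CA,c=US", "cn=alice,ou=Users,o=CA,c=US"):
        print(sample, "->", route(sample))  # constructed sample DNs
```

Knowing which backend a DN resolves to also tells you which system's password policy, lockout and audit logging apply to a bind against that entry.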