The machine source is a flexible method that supports authenticating users against the following three sources of user information: Active Directory Domain, Active Directory LDS Store, and Local Machine.

The machine source only works with Active Directory, and not with other LDAP directories. Because of this it is also a great deal easier to configure: if you wish to authenticate against the same domain as the server belongs to, no configuration is required whatsoever.

The Machine Source authentication method provides a simple interface for accessing the local machine or Active Directory user and group information. This is useful for small AD deployments.

| Field | Description | Example |
|---|---|---|
| Type | The type of user source. Possible options are: Active Directory Domain, Active Directory LDS Store, or Local Machine. | Local Machine |
| Name | Optional name of the server (either as the source of "local" users, or the Active Directory domain controller). | corp01 |
| Container | Use this only for Active Directory Domain or Active Directory LDS Store. This is the distinguished name of a container object for users/groups. It should be left blank for Local Machine users. | cn=users,dc=mycompany,dc=com |
| User Name | Username to access the directory/machine (can normally be left blank). | Administrator |
| Password | Password to access the directory/machine (can normally be left blank). | ******** |
| Binding Type | The authentication mode:<br>• Negotiate: The client is authenticated by using either Kerberos or NTLM. When the user name and password are not provided, the Account Management API binds to the object by using the security context of the calling thread, which is either the security context of the user account under which the application is running or of the client user account that the calling thread represents.<br>• Simple Bind: The client is authenticated by using Basic authentication. Caution: communications may be sent over the Internet in clear text if the SecureSocketsLayer option is not specified with simple bind. | Simple Bind |
| Sealing | The data is encrypted by using Kerberos. This flag can only be used with the Negotiate context option and is not available with the simple bind option. | Unchecked |
| Secure Socket Layer | The channel is encrypted by using the Secure Sockets Layer (SSL). Active Directory requires that the Certificate Services be installed to support SSL. | Unchecked |
| Server Bind | Specify this flag when you use the domain context (Active Directory Domain type) if the application is binding to a specific server name. | Checked |
| Signing | The integrity of the data is verified. This flag can only be used with the Negotiate context option and is not available with the simple bind option. | Unchecked |
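The constraints in this table (Simple Bind needs Secure Socket Layer to avoid clear text, Sealing and Signing require Negotiate, Container is for the Active Directory types only) can be checked before a source is saved. The following is an added example, not Enterprise Tester code: the function name `audit_machine_source`, the dictionary keys and the severity labels are hypothetical, and the sample settings are constructed from the Example column.

```python
# Added example: lint Machine Source settings against the rules in the table above.
# The dict keys and audit_machine_source are hypothetical names, not product API.
AD_TYPES = {"Active Directory Domain", "Active Directory LDS Store"}

def audit_machine_source(cfg):
    """Return a list of (severity, message) findings for one configuration."""
    findings = []
    simple = cfg["binding_type"] == "Simple Bind"
    ssl = cfg.get("ssl", False)
    # Page caution: simple bind without SSL may send communications in clear text.
    if simple and not ssl:
        findings.append(("high", "Simple Bind without Secure Socket Layer: "
                                 "communications may be sent in clear text"))
    # Sealing and Signing are only available with Negotiate.
    for flag in ("sealing", "signing"):
        if simple and cfg.get(flag, False):
            findings.append(("error", f"{flag.title()} requires Negotiate, "
                                      "not Simple Bind"))
    # Negotiate with neither of the two encryption options the table describes.
    if not simple and not ssl and not cfg.get("sealing", False):
        findings.append(("medium", "Negotiate with neither Sealing nor Secure "
                                   "Socket Layer: no encryption option selected"))
    # Container applies to the two Active Directory types only.
    if cfg["type"] not in AD_TYPES and cfg.get("container"):
        findings.append(("error", "Container must be blank for Local Machine"))
    # Server Bind is meant for the domain context with a specific server name.
    if cfg.get("server_bind", False) and (
            cfg["type"] != "Active Directory Domain" or not cfg.get("name")):
        findings.append(("warn", "Server Bind expects type Active Directory "
                                 "Domain and a server Name"))
    return findings

# Constructed sample 1: the values from the table's Example column, with Type
# set to Active Directory Domain so that the Container value applies.
EXAMPLE_COLUMN = {
    "type": "Active Directory Domain", "name": "corp01",
    "container": "cn=users,dc=mycompany,dc=com",
    "binding_type": "Simple Bind", "ssl": False,
    "sealing": False, "signing": False, "server_bind": True,
}
# Constructed sample 2: same source, bound with Negotiate plus Sealing and Signing.
HARDENED = dict(EXAMPLE_COLUMN, binding_type="Negotiate", sealing=True, signing=True)

if __name__ == "__main__":
    for label, cfg in (("example column", EXAMPLE_COLUMN), ("hardened", HARDENED)):
        print(label, audit_machine_source(cfg) or "no findings")
```

The Example column taken as a whole is the combination the table's caution describes: Simple Bind with Secure Socket Layer unchecked.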

Synchronization

You can configure automatic synchronization of users, groups and group memberships from Active Directory.

| Field | Description | Example |
|---|---|---|
| Mode | Select the type of integration you would like with the machine source. | 1. Authentication only – AD is used to authenticate users only<br>2. Synchronization – Users, Groups and Group Memberships are automatically created in Enterprise Tester<br>3. Create User on Successful Authentication – New users are automatically created on first login if they are successfully authenticated in LDAP |
| Schedule | Synchronization Frequency | Manual Synchronization, Every Hour, Every 2 Hours, Every 4 Hours, Every 8 Hours, Every 24 Hours |
| Synchronize Users | Select to synchronize Users from the machine source | Check to synchronize Users |
| Synchronize Groups | Select to synchronize Groups from the machine source | Check to synchronize Groups |
| Synchronize Group Members | Select to synchronize Group Members from the machine source | Check to synchronize Group Members |