
Satellite authentication - user source user

Hi,

Running ZCM 11 with Satellite servers at remote sites.

I have set up Authentication as a role for a satellite and it is working.

My User Source is pointing towards my eDir tree, and authenticates using a user object that exists on a partition local to the PRIMARY Servers.

I have added extra "connections" to this User Source for my Satellites that point towards the local NetWare server which has replicas of the users at that site. Naturally the satellites use that connection.

Now comes the question:

Given my User Source "username and password" does NOT exist in the local partition on the site server - will this negate any performance increase?

Basically, is the Username specified in the User Source used by the Satellites when performing the Authentication Role?

If so, is the LDAP connection kept open or cached so that future "local" ZCM User Authentications don't involve a tree walk across the WAN first to authenticate the User Source user?

Can we specify a username per connection instead of per source so we can use a local user object? (not visible or documented)

I really don't want to have a partition replicated to every site purely to hold this service account. 🙂


Thoughts, ideas, facts?

Thanks in Advance,

Ian

AFAIK, the satellite already has the credentials (iarealms.xml rings bells?) that it will use to search the local replica and will not travel the network for the same (which is evident from the fact that an authentication via a satellite happens even if the primary servers / main user source replica are down).
I will try to dig deeper into this tomorrow to find if my claim is valid.

kvallish;2164957 wrote:
AFAIK, the satellite already has the credentials (iarealms.xml rings bells?) that it will use to search the local replica and will not travel the network for the same (which is evident from the fact that an authentication via a satellite happens even if the primary servers / main user source replica are down).
I will try to dig deeper into this tomorrow to find if my claim is valid.


Okay so it caches the username/password that is specified globally for the user connection.

But when it logs into the local LDAP server to do the user's authentication using the stored credentials - won't the eDir server need to tree-walk to authenticate the (stored) User Connection User? i.e. aren't we trading ZCM Authentication traffic for eDir authentication traffic?

Cheers
Ian

So, any update on this?

Cheers
Ian