External Entry Hosts
External Entry Hosts are remote servers which store credential information for your user accounts. Once these are defined, Password Server can connect and import records as an entry.
Once the passwords are manually synchronized, Password Server can set the passwords and change the passwords on a schedule.
Note that the initial passwords themselves cannot be imported, except if integrating with Microsoft LAPS using a script. Please contact Support for more details.
Have Questions? Contact Us!
Supported Host Types
Auto Changer currently supports:
- Active Directory
Linux, Unix, etc. (any *nix with passwd command available)
AD/LDAP User Directories which have been setup for User import, can be reused as a Host Type with the same configuration.
Setting up an External Entry Host
External Entry Hosts are managed from Advanced > Entries > External Entry Hosts. Only users with the "External Entry Hosts" permission can see this page.
The grid shows all the Hosts that have been configured. Host configuration can be updated, but cannot be deleted if there is an External Entry from that Host in the system.
External Entry Host Configuration Fields
- A name for the host. It can be anything.
- The host server address (machine name, URL, IP, DNS entry)
Active Directory / OpenLDAP Host Type
- The port number to use when connecting to the server. Port 389 is commonly used for queries to an AD/LDAP server (or Port 636 for when SSL is enabled).
- Whether or not the connection uses SSL. Connecting using SSL requires a valid SSL certificate.
- Authentication Type:
- The authentication method used when connecting to a server. Active directory normally uses Microsoft Negotiate. Other LDAP servers may use Basic or Kerberos, depending on how they are configured.
- Use Admin Credentials:
- Connect to the directory as this user, who must have viewing and searching permissions on the directory subtree being searched. Otherwise the username and password associated to the user directory will be used to connect to it.
- Unique Directory Id Attribute:
- The name of name of the object attribute to read a Globally Unique Identifier from. Configuring this allows Entries to be imported based on this Identifier rather than the DN.
- User Name Attribute:
- The name of the object attribute to map to the username field when importing an Entry.
- Password Field:
- The name of the object attribute to write the password to when pushing passwords to the LDAP server
- Password Format:
- The format that Password Server should use when pushing passwords to the LDAP server.
User Directory Host Type
- User Directory:
- The Directory configuration to reuse for importing Entries. When importing and updating entries, Password Server will query the same host and use the same schema defined in the Directory configuration.
- User Alternate Credentials:
- Optional set of credentials to use for querying the Directory when importing and updating Entries. If not set here, then Password Server will continue to use credentials in the Directory Configuration.
Unix Host Type
- The port number to use when connecting to the Unix server. Communication with a Unix Host occurs over SSH which uses port 22 by default.