08-07-2013 10:31 AM
I was wondering if there is a safe way to 'replace' the default '[Policy Manager Admin Network Login Service]' with a service that would authenticate domain accounts instead of local accounts.
This service can't be edited and I am hesitant to move this service from it's default location (1) for fear that I will end up locking myself out of the CPPM while I test.
I would like to use an LDAP group for admins that can login '/tips'. Currently it is setup for local accounts only.
I was thinking of using the same method used to do the "Guest Operator Logins" service.
My only fear though is the definition of the service. The only thing that filters the '[Policy Manger...]' service is the 'NAD-IP-ADDRESS'. I suspect I would have to put my custom service before the default service to do testing, but if I get the definition of the service wrong I could end up locking myself out of the CPPM. I think anyway...
Does anyone have some recommendations I could try to set this up? Or is it not recommended?
Solved! Go to Solution.
08-07-2013 10:35 AM - edited 08-07-2013 10:35 AM
08-07-2013 10:35 AM
This can be done...just copy that default service and in the new service add BOTH the LDAP server and the admin user repository as authentication sources so you don't get locked out while testing. Meaning...admin/eTIPS123 will still work.
Consulting Systems Engineer - ACCX, ACDX, ACMX
If you found my post helpful, please give kudos
08-08-2013 06:19 AM - edited 08-08-2013 06:20 AM
Thanks for the suggestions guys.
I was able to create the service and successfully test the login using an LDAP account and I did not lock myself out of the system!
P.S. I would mark both as "the solution" but I don't think that I can :(