Active Directory Integration

This forum is designated to discuss Password Depot Server.
Post Reply
jparr
Newbie
Newbie
Posts: 2
Joined: August 25th, 2008, 10:04 pm

Active Directory Integration

Post by jparr » August 25th, 2008, 10:06 pm

I am trying to run PWDepot server, but would like usernames/passwords for authentication to the server synced to active directory. Is this possible?

Katrin (AceBIT-Team)

Re: Active Directory Integration

Post by Katrin (AceBIT-Team) » August 26th, 2008, 11:07 am

Hello,

right now this is not possible, but Active Directory support will be introduced in the next version of Password Depot Server which will hopefully be released in the next weeks.

Best regards

jparr
Newbie
Newbie
Posts: 2
Joined: August 25th, 2008, 10:04 pm

Re: Active Directory Integration

Post by jparr » January 30th, 2009, 6:45 pm

Katrin (AceBIT-Team) wrote:Hello,

right now this is not possible, but Active Directory support will be introduced in the next version of Password Depot Server which will hopefully be released in the next weeks.

Best regards
Has the new version of the server been released yet? I don't see anything on the web site newer than May 2007.

arleybls
Member
Member
Posts: 19
Joined: March 27th, 2007, 6:56 pm

Re: Active Directory Integration

Post by arleybls » August 11th, 2009, 6:08 pm

Will Active Directory Integration be implemented? v4 is out and no integration has been made.

User avatar
Support (AceBIT)
AceBIT
AceBIT
Posts: 2463
Joined: March 27th, 2003, 10:53 am
Contact:

Re: Active Directory Integration

Post by Support (AceBIT) » August 12th, 2009, 6:26 pm

Just the before the release of version 4 we decided not to add the Active Directory integration. It is currently not clear if this Active Directory integration is really senseful for our server solution.

If you disagree or have reasons why the Active Directory integration would improve the currenct concept of Password Depot Server please share your opinion here, and we will discuss it again internally. Thank you!
AceBIT - Support -

arleybls
Member
Member
Posts: 19
Joined: March 27th, 2007, 6:56 pm

Re: Active Directory Integration

Post by arleybls » August 20th, 2009, 5:33 pm

Hi,

We have just finished the evaluation of Depot v4, one of the features that we were waiting was the AD integration.

We see a lot of benefits on that, to name a few:

1) Easy administration: No need to create users/groups, only associate ad users/groups to the data file;

2) Single sign-on plataform: Users would not need to have a second user/password to login to the depot server;

3) Since Depot uses a symetric algorithm to encrypt the data, is true to say that the password-data is as safe as the password chosen by the user. Integrating with Active Directory would benefit from AD Password Policies and thus make Depot Server compliant with most of the Security Policies that enterprises enforce now days. This is actually one of the reasons that we are holding our 500-lic upgrade to version 4. You could at least, if not integrating to Active Directory, enforce a password policy to depot users.

4) Integrating will also benefit from extensive Auditing that Active Directory has;

Hope this help and keep the good work.

Cheers,
Arley

User avatar
AceBIT
Site Admin
Posts: 3372
Joined: March 20th, 2003, 8:08 pm

Re: Active Directory Integration

Post by AceBIT » September 8th, 2009, 12:27 am

Hi Arley,

I still have no feedback from the product manager concerning the AD integration. They are working on the spezifications for version 5 and there is no decision made, if AD will be supported or not.

Thanks for your patience.
Beste Grüße aus Darmstadt! - Best regards from Darmstadt!

AceBIT GmbH, Holzhofallee 15, 64295 Darmstadt, Deutschland - Tel.: +49 61 51 136 50-0, Fax: +49 61 51 136 50-20, E-Mail: info@acebit.de, Web: https://www.acebit.de

ChristianL
Member
Member
Posts: 8
Joined: January 26th, 2010, 12:58 pm
Location: München

Re: Active Directory Integration

Post by ChristianL » January 26th, 2010, 1:11 pm

Hi,

we are very interessed in your password tool and an AD integration would be a big plus for your program vs. other competitors.

But for us it would be sufficient if only users and their passwords would be synced with or connected to the AD.

When will V5 be released?

Greetings
Christian

NorbertFe
Super User
Super User
Posts: 105
Joined: March 4th, 2010, 5:18 pm

Re: Active Directory Integration

Post by NorbertFe » March 4th, 2010, 5:24 pm

Hi,

I was hoping to find this feature on the next release schedule.
We just bought a 50 user license and assigning AD Users would be very helpful.
Hope the product manager is open to those reasonable arguments from arleybls.

Bye
Norbert

NorbertFe
Super User
Super User
Posts: 105
Joined: March 4th, 2010, 5:18 pm

Re: Active Directory Integration

Post by NorbertFe » February 16th, 2011, 1:42 am

As I read in the German forum, no changes to this sadly missed functionality in version 5. Is there a problem explaining this feature request to the program manager or why isn't it included?

Bye
Norbert

User avatar
AceBIT
Site Admin
Posts: 3372
Joined: March 20th, 2003, 8:08 pm

Re: Active Directory Integration

Post by AceBIT » February 17th, 2011, 5:25 pm

The implementation of Active Directory support was not implemented for misc reasons in the past. It will be part of Password Depot Server 6, which is scheduled for June 2011.

Thank you for your patience!
Beste Grüße aus Darmstadt! - Best regards from Darmstadt!

AceBIT GmbH, Holzhofallee 15, 64295 Darmstadt, Deutschland - Tel.: +49 61 51 136 50-0, Fax: +49 61 51 136 50-20, E-Mail: info@acebit.de, Web: https://www.acebit.de

User avatar
AceBIT
Site Admin
Posts: 3372
Joined: March 20th, 2003, 8:08 pm

Re: Active Directory Integration

Post by AceBIT » June 30th, 2011, 5:20 pm

Hello,

the Active Directory integration is now available in the beta of Password Depot Server 6, which you can download from our website.
Beste Grüße aus Darmstadt! - Best regards from Darmstadt!

AceBIT GmbH, Holzhofallee 15, 64295 Darmstadt, Deutschland - Tel.: +49 61 51 136 50-0, Fax: +49 61 51 136 50-20, E-Mail: info@acebit.de, Web: https://www.acebit.de

arleybls
Member
Member
Posts: 19
Joined: March 27th, 2007, 6:56 pm

Re: Active Directory Integration

Post by arleybls » January 30th, 2012, 3:24 pm

AceBIT wrote:Hello,

the Active Directory integration is now available in the beta of Password Depot Server 6, which you can download from our website.
I'm glad to see that you have implemented AD integration, unfortunately it took long enough for me to move on to a new job :-) I wonder nevertheless if u natively authenticate users trough kerberos or NTLM or you just import users to the Depot Database, and if you only import does the user needs to have a separate password to connect do depot server? Also, does the sync with AD happens on an automated fashion or is a manual process.

Cheers,
Arley

User avatar
AceBIT
Site Admin
Posts: 3372
Joined: March 20th, 2003, 8:08 pm

Re: Active Directory Integration

Post by AceBIT » February 13th, 2012, 5:10 pm

arleybls wrote:
I'm glad to see that you have implemented AD integration, unfortunately it took long enough for me to move on to a new job :-) I wonder nevertheless if u natively authenticate users trough kerberos or NTLM or you just import users to the Depot Database, and if you only import does the user needs to have a separate password to connect do depot server? Also, does the sync with AD happens on an automated fashion or is a manual process.
Hello Arley,

For compatibility with other authentication methods and local password files management, the Password Depot Server stores information about password files, users, groups and access rights in an own database.

It can import users and groups from the Active Directory and use NTLM for authentication of users. PD Server does not store Windows credentials and uses only a minimum of information from the Active Directory, therefore synchronization with AD is rarely needed, mainly only when new users are added to the Active Directory. Import of users from the AD and updates for existing users can be made with the Active Directory Import wizard.
Beste Grüße aus Darmstadt! - Best regards from Darmstadt!

AceBIT GmbH, Holzhofallee 15, 64295 Darmstadt, Deutschland - Tel.: +49 61 51 136 50-0, Fax: +49 61 51 136 50-20, E-Mail: info@acebit.de, Web: https://www.acebit.de

arleybls
Member
Member
Posts: 19
Joined: March 27th, 2007, 6:56 pm

Re: Active Directory Integration

Post by arleybls » August 8th, 2012, 7:04 pm

AceBIT wrote:
arleybls wrote:
I'm glad to see that you have implemented AD integration, unfortunately it took long enough for me to move on to a new job :-) I wonder nevertheless if u natively authenticate users trough kerberos or NTLM or you just import users to the Depot Database, and if you only import does the user needs to have a separate password to connect do depot server? Also, does the sync with AD happens on an automated fashion or is a manual process.
Hello Arley,

For compatibility with other authentication methods and local password files management, the Password Depot Server stores information about password files, users, groups and access rights in an own database.

It can import users and groups from the Active Directory and use NTLM for authentication of users. PD Server does not store Windows credentials and uses only a minimum of information from the Active Directory, therefore synchronization with AD is rarely needed, mainly only when new users are added to the Active Directory. Import of users from the AD and updates for existing users can be made with the Active Directory Import wizard.
I'm considering Depot again for my current employee. For that matter I have few questions:

1. Can you associate Global/Universal groups to the password files instead of users? This is a mandatory scenario in my employee since the access management is done by a second team not by the sysadmins which will manage depot server.
2. Can you force users/desktops not to cache the passwords on disk?
4. When users connect to the depot server does the application transfers the whole password db file to the client or there is an application protocol behind to search the password database remotely and securely?
3. Can you provide me a 30 days full featured evaluation version o both the latest client and server?

Regards,
Arley

User avatar
AceBIT
Site Admin
Posts: 3372
Joined: March 20th, 2003, 8:08 pm

Re: Active Directory Integration

Post by AceBIT » August 9th, 2012, 5:57 pm

arleybls wrote: 1. Can you associate Global/Universal groups to the password files instead of users? This is a mandatory scenario in my employee since the access management is done by a second team not by the sysadmins which will manage depot server.
Yes, it is possible to set up access rights on a password file for one or more groups, so all members of those groups will have corresponding access rights.
arleybls wrote: 2. Can you force users/desktops not to cache the passwords on disk?
Currently, there is no such option, but you may restrict many functions in password files (for example, print, save, export, etc.).
arleybls wrote:
3. Can you provide me a 30 days full featured evaluation version o both the latest client and server?
The lizenced version of Password Depot (Client / main application) allows using the Server Module with up to three users for free. A server license is only required for greater numbers of users.
arleybls wrote: 4. When users connect to the depot server does the application transfers the whole password db file to the client or there is an application protocol behind to search the password database remotely and securely?
When a user connects to PD server, the server sends list of all files available for this user. User selects a file and receives its completely. All changes in the password file are updated automatically without transferring the whole file (only modifications are transferred between the server and all clients). All data transfers and commands are sent in encrypted form.
Beste Grüße aus Darmstadt! - Best regards from Darmstadt!

AceBIT GmbH, Holzhofallee 15, 64295 Darmstadt, Deutschland - Tel.: +49 61 51 136 50-0, Fax: +49 61 51 136 50-20, E-Mail: info@acebit.de, Web: https://www.acebit.de

NorbertFe
Super User
Super User
Posts: 105
Joined: March 4th, 2010, 5:18 pm

Re: Active Directory Integration

Post by NorbertFe » September 3rd, 2012, 6:39 pm

AceBIT wrote:
arleybls wrote: 1. Can you associate Global/Universal groups to the password files instead of users? This is a mandatory scenario in my employee since the access management is done by a second team not by the sysadmins which will manage depot server.
Yes, it is possible to set up access rights on a password file for one or more groups, so all members of those groups will have corresponding access rights.
No it only works with groups created within Password Depot Server, not with Active Directory Groups.

Regards
Norbert

Post Reply