Replace application installation account with domain joined account

Article ID: 229603

Products

CA Performance Management - Usage and Administration

Issue/Introduction

We used local user accounts with sudo-level access while installing the DX NetOps solution CAPM; the account has permissions on the application directories/files.

As per our organization's security policy, the password for local user accounts needs to be changed every 30 days. Due to this, we are facing issues at the application end as well.

So we are planning to replace the local user accounts with Active Directory service accounts, because these accounts have an exception for password expiry.

Here, we need your support/guidance to perform this activity, as we are not aware of the list of changes to be done in order to achieve it (i.e., configuration file modification, DB-level modification, file-permission-level modification, etc.).

replace the local user accounts with Active Directory service account

Environment

Release : 21.2

Component :

Resolution

If you reinstall CAPC, the DA and the DCs as the root user, you can specify a new LDAP user when running the install/reinstall. The installer will update all necessary files and configure the system to run as the new AD user. For the DR, you can create an LDAP user for dradmin (or whatever user you used in the install) with the group (verticadba). The DR can then use the LDAP account, and the local account can be removed from /etc/passwd.

Note that the DR will complain on an upgrade, as it requires a local user. Here is the workaround for the DR upgrade:

https://knowledge.broadcom.com/external/article?articleId=225416
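
The following pre-check for the DR step above is an added example, not code from this article or from the vendor. It confirms that the directory account exists, is in verticadba, and has the same numeric UID as the local account before the local entry is removed from /etc/passwd. It assumes the directory's view of the user and group has been saved to files (for example with `getent -s sss passwd dradmin` on an SSSD host; the NSS service name depends on your setup), and all sample UIDs, GIDs and paths are constructed.

```bash
#!/usr/bin/env bash
# Added example, not vendor code. Checks to run before deleting the local DR
# account (dradmin in the article) from /etc/passwd.
# Assumption: the directory account should keep the local account's numeric
# UID, because existing files are owned by UID, not by name.

# Print field N of USER's entry from passwd-format text on stdin.
passwd_field() {
    awk -F: -v u="$1" -v n="$2" '$1 == u { print $n; exit }'
}

# Succeed if USER belongs to GROUP in group-format text on stdin, either as a
# listed member or because PGID (the user's primary GID) is the group's GID.
group_has_member() {
    awk -F: -v g="$1" -v u="$2" -v pgid="$3" '
        $1 == g { if ($3 == pgid) ok = 1
                  n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] == u) ok = 1 }
        END { exit ok ? 0 : 1 }'
}

# check_cutover USER GROUP LOCAL_PASSWD DIR_PASSWD DIR_GROUP
# LOCAL_PASSWD is a copy of /etc/passwd; DIR_PASSWD and DIR_GROUP hold the
# directory's view of the user and group, saved to files.
check_cutover() {
    local user="$1" group="$2" luid duid dgid
    luid=$(passwd_field "$user" 3 < "$3")
    duid=$(passwd_field "$user" 3 < "$4")
    dgid=$(passwd_field "$user" 4 < "$4")
    if [ -z "$duid" ]; then echo "no-directory-account"; return 1; fi
    if [ -n "$luid" ] && [ "$luid" != "$duid" ]; then
        echo "uid-mismatch local=$luid directory=$duid"; return 2
    fi
    if ! group_has_member "$group" "$user" "$dgid" < "$5"; then
        echo "not-in-group"; return 3
    fi
    echo "ok"
}

# Constructed sample data (UIDs, GIDs and paths are made up for the demo).
demo_dir=$(mktemp -d)
printf 'root:x:0:0::/root:/bin/bash\ndradmin:x:1001:1001::/home/dradmin:/bin/bash\n' > "$demo_dir/passwd"
printf 'dradmin:*:1001:5000::/home/dradmin:/bin/bash\n' > "$demo_dir/dir_passwd"
printf 'verticadba:*:5000:\n' > "$demo_dir/dir_group"
check_cutover dradmin verticadba "$demo_dir/passwd" "$demo_dir/dir_passwd" "$demo_dir/dir_group"
```

A `uid-mismatch` result means files owned by the old UID would no longer map to the account once the local entry is gone, so ownership has to be reconciled first.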