After setting up the Active Directory integration with Datamaker, entering the AD group name, and submitting, I received the following errors:

"Cannot safely set AD Group to (group name) as the following error occurred:

Invalid password- cannot test existence of group (name)

If you continue you may not be able to access this CA Test Data Manager-Datamaker Test Data Repository. Continue anyway?"

Release:
Component: TDMDTM

Active Directory (AD) enables your security teams to authenticate and authorize CA Test Data Manager (TDM) user access and privileges from a central location.

To read more about how AD authentication works with TDM-Datamaker, see our online documentation: https://docops.ca.com/ca-test-data-manager/4-6/en/administrating/datamaker-administration/security/active-directory-integration

If you are getting this error, it means that the user is not a member of the AD group. Datamaker is trying to authenticate using the logged on user and password. You will need to sign into Datamaker with the AD user, then add the AD group.

1. Launch Datamaker. 
2. Sign in and connect to the repository. 
3. Connect to the desired target and source profiles.
4. Click on the 'Security' tab at the top of the toolbar.
5. Choose 'Users and Groups' from the drop down menu.
6. Sign in with your administrator credentials. 
7. Under the 'Users' section in the left hand column, right click on an existing user. 
8. Choose 'Add user' from the menu.
9. In the 'New User' window that appears, create a new user and password that are similar to the AD credentials you are wanting to use. Click the green checkmark in the bottom, right-hand corner to save. 
10. You will get a message saying that 'User (username) Saved'. Click the 'OK' button.
11. You will then get a message with the new users ID, email, password, and access expiration date. Click the 'OK' button.
12. Now you will need to assign the new user admin privileges. Under the 'Users' section in the left hand column, click on the newly added user.
13. In the 'User Groups for (username)' tab, under the 'Available' section, click the the group 'ADMIN- All Projects- ADMIN' so that it is highlighted. 
14. In the middle of the screen, click the piece of paper with a green down arrow icon. Now the new user has administrative privileges. 
15. Restart Datamaker. 
16. Sign in as the new user. 
17. Connect to the desired target and source profiles.
18. Click on the 'Security' tab at the top of the toolbar.
19. Choose 'Users and Groups' from the drop down menu.
20. Sign in with your administrator credentials. 
21. In the 'Maintain Security' window that appears, click on the 'Security Settings' tab. 
22. In the 'AD Group' text box, specify the Active Directory name for the AD column. The AD Group of which a user must be a member of in order to access this in the CA Test Data Manager-Datamaker repository. 
23. Click the 'Save' floppy disk icon.
24. You should get a pop up confirming what the 'AD Group is set to'. Click the 'OK' button. 

You should no longer be getting those error messages and your AD integration is successfully set up. 

If you are logged in as Administrator (TDM's default super user) and you are absolutely sure that the necessary users are defined in the AD group selected and the AD group name is correct, you can save the configuration and then login successfully with the AD user after restarting Datamaker despite the error received.

 

Should you have problems logging into Datamaker after performing the AD configuration, you can reset this configuration by removing the license. You MUST have a valid license available to re-enable access to TDM with the default Administrator. No other data will be removed from TDM (just the license and Datamaker's AD configuration). Instructions to do this can be found here:
https://docops.ca.com/ca-test-data-manager/4-6/en/administrating/datamaker-administration/security/active-directory-integration

In short, run the following query against the repo:

Delete from gtrep_clob where clob_id < 0;
Commit; 

Then relaunch Datamaker and provide the license.