We are a group of users of Blackbaud products and are not affiliated with Blackbaud. We'd love to have you join our community to help and be helped in getting the most from your Blackbaud software.
Register now to join us to get independant advice on your system, connect with 3rd party consultants to help you maximize your database and have a real alternative to the official Blackbaud website.
Does anyone have details of the way The Raiser's Edge 7 connects, via logins/users/roles, to the SQL Server 2000 database? Our domain is being removed so I think we'll have to start using mixed mode authentication, but not making much progress with setting this up in preparation for the Windows domain removal.
This is what I've worked out...
(We have authentication set to use windows authentication on the database)
First of all RE tries to connect to the database. SQLServer checks that the windows user can connect. We have a security group set up, corresponding to a domain group. So long as the user is in the domain group they can do this first stage no problem.
Then RE tries to authenticate the RE user. If the RE user is associated with a domain user this means that they can get into RE automatically.
If the RE user has their own RE login, they get the login box and have to type the username and password.
I'm not sure how all this will work without a domain.
I don't think there is any validation against SQL server when logging into RE. As long as the REUser account exists and has access to the right database, the program will either display a windows authenticated login (meaning it will log itself in) or will display the log in page, which authenticates the user to the program. Windows may validate whether or not the user has an account and permissions on that server, but I doubt it. All access security is handled by the security module within RE and stored in tables in the RE database. I WISH they would switch it to SQL groups for security, then I could limit access to fields instead of it being all or nothing access...
BTW, just because your domain is going away doesn't mean that your windows authentication has to go away. You will just have to create every user account on that server instead of in the domain controller. In my case, it would move from this: "sw\sndgc" to this "foundprod\sndgc"
You change the "name" from the domain to the server. One note: I don't know how RE will handle this without using citrix. I assume that it still validates the logins off of the server using what's stored in the users table, which means you should be able to use the "servername\username" to use windows authentication.
You can test this, as long as you have access your server. Change your user account from the domain to the computer and see if it still logs you in or not...
Hope that helps,
Doug
__________________ ~~~~~~~~~~~~~~~~~~~
Doug Creek
RE Database Administrator
University of Alaska Foundation sndgc@email.alaska.edu
I've had SQL Profiler running and before every domain\networkID log in there was a log in failure for "REUser". This lead me to believe that RE was trying to connect via this, and failing to do so it went on to use trusted connections.
I re-attached the database with the owner as REUser and it appears to be working, ie; connecting purely through REUser.
Linear Mode
