Skip to main content

By clicking Submit, you agree to the developerWorks terms of use.

The first time you sign into developerWorks, a profile is created for you. Select information in your profile (name, country/region, and company) is displayed to the public and will accompany any content you post. You may update your IBM account at any time.

All information submitted is secure.

  • Close [x]

The first time you sign in to developerWorks, a profile is created for you, so you need to choose a display name. Your display name accompanies the content you post on developerworks.

Please choose a display name between 3-31 characters. Your display name must be unique in the developerWorks community and should not be your email address for privacy reasons.

By clicking Submit, you agree to the developerWorks terms of use.

All information submitted is secure.

  • Close [x]

developerWorks Community:

  • Close [x]

Hello World: Tivoli Identity Manager

Manage user accounts in an LDAP directory

Wes Wardell, Staff Software Developer, IBM
Author photo
Wes Wardell is currently working in the SOA Advanced Technology Design Center in the IBM Toronto Lab. In 2005, he co-authored one of IBM's Redbooks about IBM Tivoli Identity Manager version 4.5.1. He holds a degree in computing and computer electronics from Wilfrid Laurier University, Canada.

Summary:  Welcome to the eleventh tutorial in the "Hello, World" series, which provides high-level overviews of various IBM® software products. This tutorial offers an introduction to Tivoli® Identity Manager Express V4.6. It includes practical, hands-on exercises in which you will set up Tivoli Identity Manager Express to manage accounts in an LDAP user directory.

View more content in this series

Date:  12 Mar 2007
Level:  Introductory PDF:  A4 and Letter (1306 KB | 32 pages)Get Adobe® Reader®

Activity:  36984 views

Manage LDAP accounts

Now that you have a service to connect to your LDAP directory, you can pull the existing accounts into ITIM. This process is called reconciliation, and you'll walk through it in this section. After the reconciliation is complete, you can view the accounts within ITIM.

Would you like to see these steps demonstrated for you?

Show me Show me

  1. If you just completed the previous section, then you'll be on the Manage Services page. If not, navigate to that page and perform a search to see the service that you've already created. Click on the icon next to the name of the service, and select Reconcile, as shown in Figure 9.

    Figure 9. Reconcile

  2. The page will refresh; near the top, there will be a message box telling you that the reconciliation request has been created to run immediately, as shown in Figure 10. Click the Close Message link.

    Figure 10. Reconciliation message
    Reconciliation message

  3. Most actions performed within ITIM are handled as requests that are submitted to a queue and then processed when scheduled. As the message you saw in the previous step indicated, the reconciliation that you just started is submitted as a request that is scheduled to run immediately. To view the status of the request, select View Requests > View All My Requests from the menu on the left of the page. By default, this page will show the requests made on the current day. Here you can see that the reconciliation request was processed successfully, as illustrated in Figure 11.

    Figure 11. View requests
    View requests

  4. To view more information on the request, click on the name in the Request type column. There isn't much of interest for this reconciliation, so simply click Close to return to the Manage Services page.
  5. From the list of services, click the pop-up icon for your service and select Accounts.
  6. The Manage Accounts page will open for your service, as illustrated in Figure 12. Initially, the list is empty. To view all the accounts, leave the search entry field blank and click Search. The list will be populated with the accounts pulled from your LDAP directory. Notice that the value in the Owner column is None for each of the accounts. ITIM users that can be associated with these accounts have not been created yet, so they are not owned at this time. These accounts are referred to as orphan accounts. You'll need this list of accounts for the next section, so leave it open for now.

    Figure 12. List of LDAP accounts in ITIM
    List of LDAP accounts in ITIM

  7. Confirm the accounts that exist in the LDAP directory by checking the directory directly. Open a command window and run the following command (all on one line):
    LDAPsearch -D cn=root -w hell0ADM -b ou=austin,o=ibm,c=us 
                         objectclass=organizationalPerson fullname

    As shown in Figure 13, you will see listed the sample accounts that were created within the Austin organizational unit of the LDAP directory.

    Figure 13. List of LDAP accounts
    List of LDAP accounts

    Go back to the Manage Accounts page within ITIM. You'll see that the list of accounts are the same.
  8. Your next task will be to remove the account for Arthur Edwards. Click the icon next to Arthur Edwards and select Delete.
  9. A confirmation message will appear, as illustrated in Figure 14. Click Delete to confirm.

    Figure 14. Delete confirmation message
    Delete confirmation message

  10. The Delete Accounts page will now include a message indicating that the request was submitted successfully. Just as with the reconciliation you performed earlier, the delete action is handled by a submitted request that by default is processed immediately. The message includes a link to view the status of the request. It's likely already complete, so go back to the command window and run the LDAPsearch command again. The results should now look like Figure 15.

    Figure 15. Updated list of LDAP accounts
    Updated list of LDAP accounts

    As you can see, Arthur Edwards no longer has an LDAP account.
  11. Go back to ITIM and click Close to close the Delete Accounts page. You're done with the Manage Accounts and Manage Services pages for now; if they're still open, close them as well.

5 of 13 | Previous | Next


Zone=Service management, Security, Tivoli
TutorialTitle=Hello World: Tivoli Identity Manager