Hello World: Tivoli Identity Manager

Manage user accounts in an LDAP directory

Wes Wardell, Staff Software Developer, IBM
Wes Wardell is currently working in the SOA Advanced Technology Design Center in the IBM Toronto Lab. In 2005, he co-authored one of IBM's Redbooks about IBM Tivoli Identity Manager version 4.5.1. He holds a degree in computing and computer electronics from Wilfrid Laurier University, Canada.

Summary:  Welcome to the eleventh tutorial in the "Hello, World" series, which provides high-level overviews of various IBM® software products. This tutorial offers an introduction to Tivoli® Identity Manager Express V4.6. It includes practical, hands-on exercises in which you will set up Tivoli Identity Manager Express to manage accounts in an LDAP user directory.

Date:  12 Mar 2007
Level:  Introductory

Map user attributes to LDAP attributes

The identity policy takes care of the user ID for LDAP accounts, but that still leaves you with the responsibility of entering all the other attributes for each account. For the sample LDAP directory, the fullname and lastname attributes are required before an account can be created. In this section, you'll set up the LDAP service to use the full name and last name already defined for the ITIM user when creating an LDAP account.

  1. To see what you'll be changing, start by creating an account for Mindy. Select Manage Users and then click Search to retrieve the list of users.
  2. Select the icon next to Mindy's name and select Request Accounts.
  3. Click Search to retrieve the list of services, make sure your LDAP service is selected, and then click Continue. The Request an Account page will open, as shown in Figure 22, with the User ID field filled in based on the identity policy. However, the Full name and Last name fields are required fields and they are empty. When you created the user for Mindy, this information was added, so it should be used here as well. Scroll to the bottom and click Cancel.

    Figure 22. Create user

  4. Attribute mapping is configured as part of the service, so select Manage Services and then click Search to retrieve the list.
  5. Click the icon next to your service and select Account Defaults..., as shown in Figure 23.

    Figure 23. Modify default attributes for new accounts

  6. The initial list is empty. Click Add to see the list of LDAP attributes to choose from.
  7. The list spans multiple pages, so click through the pages until you find the Full name attribute, shown in Figure 24. Select its radio button and then click Add default.

    Figure 24. Select an LDAP attribute to set by default

  8. The default value page allows you to add text before or after an ITIM user attribute. You don't want to do either, so leave both blank and click Search to find the user attribute to assign to Full name.
  9. The Select a User Attribute page lists all the attributes that an ITIM user can have. In this case, the attribute name to use is the same in ITIM as it is in the LDAP directory. Find Full name, select it, and then click OK. This is illustrated in Figure 25.

    Figure 25. Select an ITIM user attribute

  10. Click OK to complete the mapping. As Figure 26 illustrates, the list of default attributes now shows that Full name maps to Full name.

    Figure 26. Full name attribute mapped

  11. Click Add again, and this time map Last name to Last name. Once you're back to the list pictured in Figure 27, now showing Full name and Last name with default attributes, click OK.

    Figure 27. Completed attribute mappings

  12. Click Close on the page with the success message, and then click Close on the Manage Services page.
  13. You should now be back to the Request an Account page you used earlier to start creating an account for Mindy, and your LDAP service should be selected. Click Continue.
  14. This time, you'll see that Full name and Last name are filled in, as illustrated in Figure 28.

    Figure 28. Create an account

    Don't create the account yet, though; instead, click Cancel. This is how you'd create an account for Mindy as an administrator, but in the next section you'll log in as Mindy and request the account for yourself.
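
The effect of the mapping configured in steps 4 to 11 on the request form, modelled in Python as an added example (not ITIM code and not part of the original tutorial). The attribute keys `uid`, `cn` and `sn`, the class and function names, and Mindy's surname and user ID are assumptions constructed for the illustration.

```python
# Added illustration: a simplified model of "account defaults", not ITIM code.
# Attribute keys (uid, cn, sn) and the sample person record are assumptions.

REQUIRED = ("uid", "cn", "sn")  # user ID, Full name, Last name (assumed keys)


class AccountDefault:
    """One row of the defaults list: text before + user attribute + text after."""

    def __init__(self, account_attr, user_attr, before="", after=""):
        self.account_attr = account_attr
        self.user_attr = user_attr
        self.before = before
        self.after = after

    def value_for(self, person):
        base = person.get(self.user_attr)
        if not base:  # the user record has nothing to copy, so no default
            return None
        return f"{self.before}{base}{self.after}"


def prefill_account(person, user_id, defaults):
    """Build the attributes shown on the request form for one user."""
    account = {"uid": user_id}  # supplied by the identity policy
    for d in defaults:
        value = d.value_for(person)
        if value is not None:
            account[d.account_attr] = value
    return account


def missing_required(account, required=REQUIRED):
    """Required attributes still empty, i.e. what blocks account creation."""
    return [a for a in required if not account.get(a)]


# Constructed sample user; the tutorial only gives the first name Mindy.
mindy = {"cn": "Mindy Example", "sn": "Example"}

before = prefill_account(mindy, "mexample", defaults=[])
after = prefill_account(mindy, "mexample", defaults=[
    AccountDefault("cn", "cn"),  # Full name -> Full name, no added text
    AccountDefault("sn", "sn"),  # Last name -> Last name, no added text
])

if __name__ == "__main__":
    print("no defaults :", before, "missing:", missing_required(before))
    print("with mapping:", after, "missing:", missing_required(after))
```

The first call corresponds to the form in Figure 22, with only the user ID filled in; the second corresponds to Figure 28.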
