Create your own LDAP account
With the identity policy set up earlier, an LDAP account can be created for the user Mindy McTest that will use her full name for her user ID. As the administrator, you could create the account for Mindy, but you may want users to be able to request their own accounts without your help. Depending on the services that you have set up, you may also want to require approval for user account requests. In the example you've been walking through, the LDAP service that you've set up does not have an approval process in place, so Mindy will be able to request and receive her LDAP account without intervention by anybody else; approval processes are outside the scope of this tutorial.
In this section, you'll act as Mindy to request your own account. As you'll see, the capabilities available to Mindy in the ITIM Web client are limited because she is not an administrator.
- If you are still logged in as the ITIM manager, click Log Out, then
log in as Mindy using the user ID and password you created for her earlier:
- Select Manage My Accounts > Request an Account, and then click
Search on the Request an Account page to retrieve a list of the
available services. The LDAP service you created earlier should be listed, as
shown in Figure 29.
Figure 29. Request an LDAP account
- If there were more services in the list, you would have to select one. In this case, the service is already selected, so click Finish.
- On the success page, click the View the status of this request link to check whether the account creation was successful.
- By default, the View All My Requests page that opens will display all
requests by Mindy for the current day. Since you've just submitted the
request, the one you're looking for should be at the top of the list with a
status of Success, as shown in Figure 30. Mindy is finished with ITIM, so
click Log Out.
Figure 30. Account creation successful
- To verify that Mindy actually exists in the LDAP directory, go to a command
window and run the following command (all on one line):
ldapsearch -D cn=root -w hell0ADM -b ou=austin,o=ibm,c=us sn=McTest fullname userPassword sn cn
You should see Mindy's information as shown in Figure 31.
Figure 31. LDAP account
Notice that Mindy's password was also added to the LDAP directory by default. At this point, Mindy can log in to any system configured to authenticate with this LDAP directory, using a password that she already knows.
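A follow-up check for the verification step above, added here as an example and not part of the original tutorial: it parses LDIF-formatted search output and reports, for each entry with a matching sn, how every returned userPassword value is stored. It assumes the search output is in LDIF form; the sample output, the second entry's DN, and the function names are constructed for illustration.

```python
import base64

# Constructed sample of LDIF-formatted search output (not the tutorial's Figure 31).
_B64 = base64.b64encode(b"{SSHA}constructed-sample-digest").decode()
_FOLDED = _B64[:20] + "\n " + _B64[20:]  # LDIF folds long lines with a leading space
SAMPLE_LDIF = (
    "dn: cn=Mindy McTest,ou=austin,o=ibm,c=us\n"
    "fullname: Mindy McTest\nsn: McTest\ncn: Mindy McTest\n"
    f"userPassword:: {_FOLDED}\n\n"
    "dn: cn=Constructed Entry,ou=austin,o=ibm,c=us\n"
    "sn: McTest\nuserPassword: constructed-cleartext\n"
)

def parse_ldif(text):
    """Return entries as dicts: lowercased attribute name -> list of bytes values."""
    entries = []
    unfolded = text.replace("\r\n", "\n").replace("\n ", "")  # join folded lines
    for block in unfolded.split("\n\n"):      # a blank line separates entries
        entry = {}
        for line in block.split("\n"):
            name, sep, rest = line.partition(":")
            if line.startswith("#") or not sep:
                continue
            if rest.startswith(":"):          # "attr:: value" is base64-encoded
                value = base64.b64decode(rest[1:].strip())
            else:
                value = rest.strip().encode()
            entry.setdefault(name.lower(), []).append(value)
        if entry:
            entries.append(entry)
    return entries

def password_scheme(value):
    """Return the {SCHEME} tag of a stored value, or 'cleartext' if it has none."""
    if value.startswith(b"{") and b"}" in value:
        return value[1:value.index(b"}")].decode("ascii", "replace").upper()
    return "cleartext"

def audit(text, surname):
    """Map the DN of each entry whose sn matches to its password storage schemes."""
    report = {}
    for entry in parse_ldif(text):
        if surname.encode() in entry.get("sn", []):
            dn = entry["dn"][0].decode()
            report[dn] = [password_scheme(v) for v in entry.get("userpassword", [])]
    return report

if __name__ == "__main__":
    for dn, schemes in audit(SAMPLE_LDIF, "McTest").items():
        print(dn, schemes or ["no userPassword returned"])
```

An entry reported as cleartext means the directory returned the password itself to the bind user; which scheme appears in a real directory depends on the server's password storage configuration.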