Hello World: Tivoli Identity Manager

Manage user accounts in an LDAP directory

Wes Wardell, Staff Software Developer, IBM
Wes Wardell is currently working in the SOA Advanced Technology Design Center in the IBM Toronto Lab. In 2005, he co-authored one of IBM's Redbooks about IBM Tivoli Identity Manager version 4.5.1. He holds a degree in computing and computer electronics from Wilfrid Laurier University, Canada.

Summary:  Welcome to the eleventh tutorial in the "Hello, World" series, which provides high-level overviews of various IBM® software products. This tutorial offers an introduction to Tivoli® Identity Manager Express V4.6. It includes practical, hands-on exercises in which you will set up Tivoli Identity Manager Express to manage accounts in an LDAP user directory.

Date:  12 Mar 2007
Level:  Introductory

Create your own LDAP account

With the identity policy set up earlier, an LDAP account can be created for the user Mindy McTest that will use her full name for her user ID. As the administrator, you could create the account for Mindy; but you may want users to be able to request their own accounts without your help. Depending on the services that you have set up, you may also want to require approval for user account requests. In the example you've been walking through, the LDAP service that you've set up does not have an approval process in place, so Mindy will be able to request and receive her LDAP account without intervention by anybody else; approval processes are outside the scope of this tutorial.

In this section, you'll act as Mindy to request your own account. As you'll see, the capabilities available to Mindy in the ITIM Web client are limited because she is not an administrator.

  1. If you are still logged in as the ITIM manager, click Log Out, then log in as Mindy using the user ID and password you created for her earlier: Mindy McTest and hell0MINDY.
  2. Select Manage My Accounts > Request an Account, and then click Search on the Request an Account page to retrieve a list of the available services. The LDAP service you created earlier should be listed, as shown in Figure 29.

    Figure 29. Request an LDAP account

  3. If there were more services in the list, you would have to select one. In this case, the service is already selected, so click Finish.
  4. On the success page, click the View the status of this request link to check whether the account creation was successful.
  5. By default, the View All My Requests page that opens will display all requests by Mindy for the current day. Since you've just submitted the request, the one you're looking for should be at the top of the list with a status of Success, as shown in Figure 30. Mindy is finished with ITIM, so click Log Out.

    Figure 30. Account creation successful

  6. To verify that Mindy actually exists in the LDAP directory, go to a command window and run the following command (all on one line):
    ldapsearch -D cn=root -w hell0ADM -b ou=austin,o=ibm,c=us sn=McTest fullname userPassword sn cn

    You should see Mindy's information as shown in Figure 31.

    Figure 31. LDAP account

    Notice that Mindy's password was also added to the LDAP directory by default. At this point, Mindy can log in to any system configured to authenticate with this LDAP directory, using a password that she already knows.
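
The check in step 6 can also be scripted. The following is an added example, not part of the original tutorial: it parses ldapsearch output, assumed here to be in LDIF form, and reports for each entry with a matching sn whether userPassword carries a hash-scheme prefix such as {SSHA} or is stored without one. The sample entries, their DN layout and both password values are constructed, and the function names are hypothetical.

```python
import base64
import re

# Constructed sample (not captured from a real server). The DN layout and
# both password values are assumptions made for illustration.
_HASHED = base64.b64encode(b"{SSHA}constructed-not-a-real-hash").decode()
SAMPLE_LDIF = (
    "dn: cn=Mindy McTest,ou=austin,o=ibm,c=us\n"
    "sn: McTest\n"
    "userPassword:: " + _HASHED + "\n"
    "\n"
    "dn: cn=Old McTest,ou=austin,o=ibm,c=us\n"
    "sn: McTest\n"
    "userPassword: constructed-cleartext\n"
)

SCHEME = re.compile(r"^\{([A-Za-z0-9_-]+)\}")

def parse_ldif(text):
    """Parse LDIF text into a list of {attribute: [values]} dicts."""
    text = re.sub(r"\r?\n ", "", text)  # unfold continuation lines
    entries = []
    for block in re.split(r"(?:\r?\n){2,}", text.strip()):
        entry = {}
        for line in block.splitlines():
            if not line or line.startswith("#") or ":" not in line:
                continue
            name, _, value = line.partition(":")
            if value.startswith(":"):  # "attr:: <base64>"
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            entry.setdefault(name.lower(), []).append(value.strip())
        if entry:
            entries.append(entry)
    return entries

def password_storage(value):
    """Return the scheme prefix (e.g. 'SSHA'); no prefix is treated as cleartext."""
    match = SCHEME.match(value)
    return match.group(1).upper() if match else "cleartext"

def audit(text, surname):
    """Map the DN of each entry with a matching sn to its userPassword storage forms."""
    report = {}
    for entry in parse_ldif(text):
        if surname in entry.get("sn", []) and "dn" in entry:
            report[entry["dn"][0]] = [password_storage(v) for v in entry.get("userpassword", [])]
    return report

print(audit(SAMPLE_LDIF, "McTest"))
```

An empty result means no entry with that surname was returned, which is the scripted equivalent of not seeing Mindy's information in Figure 31.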
