Install and set up the directory server so that Active Directory communicates with IBM® Security Access Manager for Enterprise Single Sign-On.
You can prepare an Active Directory server if you plan to use Active Directory as a directory server. For considerations on using a directory server with IBM Security Access Manager for Enterprise Single Sign-On, see the IBM Security Access Manager for Enterprise Single Sign-On Planning and Deployment Guide.
SSL is required to set up and change passwords programmatically during sign-on and user creation in Active Directory. Enabling SSL in Active Directory lets clients communicate securely with the Active Directory servers.
Important: If you plan to use password resets in AccessAssistant or Web Workplace but not use Active Directory over SSL, install the Tivoli® Identity Manager Active Directory Adapter. See Preparing the Active Directory Adapter.
- Verify the deployment requirements for your Active Directory configuration. To determine the Active Directory steps you must complete:
  - If SSL is required but not yet enabled, see your vendor-specific documentation on enabling SSL for your version of Active Directory.
  - If SSL is required and enabled, verify that the SSL port numbers are what you need.
  - If SSL is not required in your deployment, see Preparing the Active Directory Adapter.
- Optional: Create a lookup user in Active Directory for IBM Security Access Manager for Enterprise Single Sign-On directory lookups. To support password resets in AccessAssistant and Web Workplace, you must prepare a directory user with password reset privileges. Ensure that the user is:
  - Active and not set to be disabled.
  - Not set to expire.
Note: Avoid creating an administrative user with the same user name as the WebSphere® administrator.
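
One way to check the two lookup-user requirements above against attributes read from the directory, as an added example that is not part of the IBM documentation. It assumes "not set to expire" refers to the account expiration date (`accountExpires`); the function name and the sample attribute values are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

UF_ACCOUNTDISABLE = 0x0002                # userAccountControl bit: account disabled
NEVER_EXPIRES = (0, 0x7FFFFFFFFFFFFFFF)   # accountExpires values that mean "never"
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


def filetime_to_datetime(value):
    """Convert 100-nanosecond intervals since 1601-01-01 UTC to a datetime."""
    return FILETIME_EPOCH + timedelta(microseconds=value // 10)


def audit_lookup_user(attrs, now=None):
    """Return findings for a lookup user; an empty list means both checks pass.

    attrs holds the raw LDAP values of userAccountControl and accountExpires
    (integers or numeric strings, as LDAP clients commonly return them).
    """
    now = now or datetime.now(timezone.utc)
    findings = []
    if int(attrs["userAccountControl"]) & UF_ACCOUNTDISABLE:
        findings.append("account is disabled (ACCOUNTDISABLE set)")
    expires = int(attrs.get("accountExpires", 0))
    if expires not in NEVER_EXPIRES:
        try:
            when = filetime_to_datetime(expires)
        except OverflowError:
            findings.append("accountExpires is out of range")
            return findings
        state = "expired" if when <= now else "will expire"
        findings.append(f"account {state} on {when:%Y-%m-%d}")
    return findings


# Constructed sample entries (not taken from a real directory).
SAMPLES = {
    "ok":       {"userAccountControl": "512", "accountExpires": "9223372036854775807"},
    "disabled": {"userAccountControl": "514", "accountExpires": "0"},
    "expiring": {"userAccountControl": "512", "accountExpires": "135379296000000000"},
}

if __name__ == "__main__":
    for name, attrs in SAMPLES.items():
        print(name, audit_lookup_user(attrs) or "meets both requirements")
```
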