IBM® Tivoli® Storage Manager requires the server to identify authorized administrator IDs and nodes by using a password. You can authenticate administrator and node passwords with a Lightweight Directory Access Protocol (LDAP) directory server.

Steps to authenticate passwords with an LDAP directory server | Where to complete the steps |
---|---|
1. Set up an LDAP directory server | LDAP server |
2. Create the Base DN (distinguished name) | LDAP server |
3. Grant access to the Base DN to a specific user ID. | LDAP server |
4. Copy the trusted certificate from the LDAP directory server to the Tivoli Storage Manager server | LDAP server |
5. Import the trusted certificate from the LDAP directory server to the Tivoli Storage Manager server. If you already have a certificate on the LDAP directory server, you do not have to generate a new certificate. You can use the existing certificate to secure communication between the LDAP directory server and the Tivoli Storage Manager server. | Tivoli Storage Manager server |
6. Configure the LDAPURL option | Tivoli Storage Manager server |
7. Define the user ID that administers node and administrator passwords with the LDAP directory server | Tivoli Storage Manager server |
8. Define the password for the user ID that administers node and administrator passwords | Tivoli Storage Manager server |
9. Register or update nodes, or register or update administrator IDs, to authenticate with an LDAP directory server | Tivoli Storage Manager server |

The LDAP directory server interprets letters differently from the Tivoli Storage Manager server. The LDAP directory server distinguishes the case that is used, either uppercase or lowercase. For example, the LDAP directory server can distinguish between secretword and SeCretwOrd. The Tivoli Storage Manager server interprets all letters for LOCAL passwords as uppercase.

uid=jackspratt,ou=marketing,o=corp.com,c=us
uid=cbukowski,ou=manufacturing,o=corp.com,c=us
uid=abbynormal,ou=sales,o=corp.com,c=us

In this example, the RDN on the first line is that of an administrator whose user ID is jackspratt. The organizational unit (marketing), organization (corp.com), and country (us) comprise the DN.

If you issue set ldapuser "uid=jackspratt,ou=media,cn=security", then uid=jackspratt,ou=media,cn=security is the bind DN for the LDAP directory server.
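
The following added example (not IBM code) splits DNs like the ones above into their RDNs and checks whether an entry sits under a given Base DN, which is a useful sanity check before pointing set ldapuser at a bind DN. The Base DN value, the function names, and the case-insensitive comparison of values (valid for the uid, ou, o, c and cn attributes used here) are assumptions made for the example.

```python
# Added example, not IBM code. DN samples are the ones shown on this page.
PAGE_DNS = [
    "uid=jackspratt,ou=marketing,o=corp.com,c=us",
    "uid=cbukowski,ou=manufacturing,o=corp.com,c=us",
    "uid=abbynormal,ou=sales,o=corp.com,c=us",
]
BIND_DN = "uid=jackspratt,ou=media,cn=security"  # from the set ldapuser line
BASE_DN = "o=corp.com,c=us"  # assumed Base DN, constructed for this example


def split_dn(dn):
    """Return [(attribute, value), ...] with the leftmost RDN first.

    Backslash escapes (RFC 4514) are kept intact, so an escaped comma does
    not split a value. Multi-valued RDNs (a=1+b=2) are not handled.
    """
    parts, buf, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            buf.append(dn[i:i + 2])  # keep the escape pair together
            i += 2
            continue
        if dn[i] == ",":
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(dn[i])
        i += 1
    parts.append("".join(buf))
    rdns = []
    for part in parts:
        attr, sep, value = part.strip().partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError(f"malformed RDN: {part!r}")
        rdns.append((attr.strip().lower(), value.strip()))
    return rdns


def is_under(dn, base_dn):
    """True if dn is at or below base_dn in the directory tree."""
    entry = [(a, v.lower()) for a, v in split_dn(dn)]
    base = [(a, v.lower()) for a, v in split_dn(base_dn)]
    return len(entry) >= len(base) and entry[-len(base):] == base


if __name__ == "__main__":
    for dn in PAGE_DNS + [BIND_DN]:
        rdn = split_dn(dn)[0]
        print(f"{dn}: RDN={rdn[0]}={rdn[1]}, under base: {is_under(dn, BASE_DN)}")
```
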