Topic
6 replies Latest Post - ‏2013-09-23T23:23:40Z by jdell
achmadz
achmadz
22 Posts
ACCEPTED ANSWER

Pinned topic Import AD user to TAMeb

‏2013-04-30T19:22:43Z |

Hi All,

I have plan to import the user on Microsoft Active Directory to the Webseal user registry, my question is :

1. Is it possible to import the user using TDI?

2. Is there any utility in TAMeb like DirectorytoTIMImport.xml on TIM?

Many thanks

  • jdell
    jdell
    96 Posts
    ACCEPTED ANSWER

    Re: Import AD user to TAMeb

    ‏2013-05-03T02:31:27Z  in response to achmadz

    Off the top of my head:

    Question 1:  You need to provide more details - do you want to import users from AD into another TAM managed repository (e.g. IBM directory server) or do you want to use AD as the actual user registry for TAM?  If it's the former, then yes you can use TDI.

    Question 2: Not sure.

    Regards,

    JD

    • achmadz
      achmadz
      22 Posts
      ACCEPTED ANSWER

      Re: Import AD user to TAMeb

      ‏2013-05-04T01:05:59Z  in response to jdell

      Hi Jdell,

      1. So if we want to use another repository like Tivoli Directory Server, we can use TDI as mediator to do the import process from AD,

      2. If we want to use AD as the user registry of TAM. Do we also need to import the user from AD manually (one  by one) in Web Portal Manager TAM WAS? 

       

      Thanks 

       

      • jdell
        jdell
        96 Posts
        ACCEPTED ANSWER

        Re: Import AD user to TAMeb

        ‏2013-05-06T00:42:08Z  in response to achmadz

        Scenario 1:    Yes, you can use TDI in this scenario to do an initial bulk load of users and/or groups from AD into the TAM registry and thereafter use TDI to keep the AD and TAM registries synchronized.

        Scenario 2.    I stand to be corrected on this one - but I think that you would still need to do an import of the AD users into TAM.  You could use the Web Portal Manager, but I would be inclined to automate this process somewhat using the pdadmin "import user" command in a script - or perhaps use the TAM API.  Thereafter, you should maintain this user registry via the "TAM interface" e.g. via APIs, pdadmin commands, WPM or a provisioning infrastructure like TIM.  It really depends on what your needs are.  Using AD as the TAM registry has never really appealed to me.  If you want to go down this path perhaps you should look at using AD variants such as ADAM (there is another one - just can't think of the name at the moment).

        Regards,

        JD

        • jdell
          jdell
          96 Posts
          ACCEPTED ANSWER

          Re: Import AD user to TAMeb

          ‏2013-05-06T00:45:11Z  in response to jdell

          On scenario 2, you could still use TDI for an initial bulk load and for synchronizing as well.

          • achmadz
            achmadz
            22 Posts
            ACCEPTED ANSWER

            Re: Import AD user to TAMeb

            ‏2013-09-23T11:07:42Z  in response to jdell

            Hi Jdell,

            Thanks for your reply,

            So we have TDS and we still do the manual import (one by one) for each user to tameb. If we use TDI as the mediator, the logic will be like,

            we use a connector to TDS using iterator mode, then we use the other connector using add mode to TAM, as far as I know we can retrieve any attribute in TDS using LDAP connector. What about for tameb ? can we still use ldap connector also what kind of attribute in tameb that we can use them as a reference 

            Please advise

            Thanks

            • jdell
              jdell
              96 Posts
              ACCEPTED ANSWER

              Re: Import AD user to TAMeb

              ‏2013-09-23T23:23:40Z  in response to achmadz

              Hello,

              I'm a little confused as to the make up of your environment.  If the subject of this thread is correct, then I'm assuming that you still want to import AD users into TAM.  I hope you understand that TAM has to be associated (or hooked into) an LDAP registry - in most cases the LDAP registry will be TDS (or ITDS) - IBM Tivoli Directory Server.

              Now, if this is your scenario, then using TDI, you would use an LDAP connector to iterate through entries in AD in the Feed section and then use a TAM connector in the Flow section to add/update entries in TAM (and the underlying LDAP registry).

              Regards,

              JD