Console LDAP Guide
Setting up an Active Directory LDAP:
- Create functional AD groups for the different types of operators (e.g., master and non-master) and add users as appropriate;
- Add an LDAP Directory in the TEM console and point it to an AD domain controller. Set up a special account with a non-expiring password just for authentication;
- Create Roles in the TEM console that correspond to the functional AD groups you previously created. So you might have a master operator role and non-master operator role;
- Set the permissions (e.g., Master Operator, Custom Content) for the role as appropriate, and add the appropriate LDAP Group to the role;
- You can also add computer management rights to the role or create additional roles just to identify computer management rights.
At this point, any AD user who is a member of one of the LDAP Groups granted permissions to TEM through a role assignment will be able to log into the TEM console. The first time the user logs into the TEM console, an operator account is created automatically and appears in the console.
Setting up a Generic LDAP:
- Port / Use SSL
- Base DN (AD defaults to DC=ad-domainname,DC=com or whatever the top-level domain is: com, org, net, local, etc.)
- Login attribute
- Authentication, unless the generic LDAP server allows for anonymous queries
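A pre-flight check for the directory settings listed above, as an added example that is not part of the original guide or of the TEM product. The dictionary keys (`port`, `use_ssl`, `base_dn`, `login_attribute`, `bind_dn`, `bind_password`) and the sample values are assumptions made for illustration.

```python
import re

LDAP_PORT, LDAPS_PORT = 389, 636  # registered ports: plain LDAP and LDAP over SSL/TLS

def base_dn_from_domain(domain):
    """Default AD base DN for a DNS domain, e.g. ad.example.com -> DC=ad,DC=example,DC=com."""
    return ",".join(f"DC={label}" for label in domain.strip(".").split(".") if label)

def split_dn(dn):
    """Split a DN into RDNs on commas not preceded by a backslash (simplified RFC 4514)."""
    return [rdn.strip() for rdn in re.split(r"(?<!\\),", dn) if rdn.strip()]

def lint_directory(cfg):
    """Return findings for one directory entry; the dict keys are hypothetical names."""
    findings = []
    port, ssl = cfg.get("port"), bool(cfg.get("use_ssl"))
    if not ssl:
        findings.append("ssl-off: a simple bind would send the bind password unencrypted")
    if ssl and port == LDAP_PORT:
        findings.append("port-mismatch: SSL enabled on 389, LDAPS normally listens on 636")
    if not ssl and port == LDAPS_PORT:
        findings.append("port-mismatch: port 636 expects SSL but SSL is disabled")
    rdns = split_dn(cfg.get("base_dn", ""))
    if not rdns or not all(re.fullmatch(r"[A-Za-z][A-Za-z0-9-]*\s*=\s*.+", r) for r in rdns):
        findings.append("base-dn: empty or not a list of attribute=value components")
    if not cfg.get("login_attribute"):
        findings.append("login-attribute: not set")
    bind_dn, password = cfg.get("bind_dn"), cfg.get("bind_password")
    if not bind_dn:
        findings.append("anonymous: no bind account, works only if the server allows anonymous queries")
    elif not password:
        findings.append("empty-password: a bind DN with no password is an unauthenticated bind (RFC 4513)")
    return findings

# Constructed sample entries, not taken from any real deployment.
GOOD = {"port": 636, "use_ssl": True, "base_dn": base_dn_from_domain("ad.example.com"),
        "login_attribute": "uid", "bind_dn": "CN=svc-ldap,OU=Service,DC=ad,DC=example,DC=com",
        "bind_password": "constructed-placeholder"}
BAD = {"port": 636, "use_ssl": False, "base_dn": "ad.example.com",
       "login_attribute": "", "bind_dn": "CN=svc-ldap,DC=ad,DC=example,DC=com", "bind_password": ""}

if __name__ == "__main__":
    for name, cfg in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, lint_directory(cfg) or "no findings")
```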
LDAP Updates: By default, every 15 minutes the server will update group membership information for all LDAP users that have logged into the console.
For IBM Endpoint Manager 9.2:
For IBM Endpoint Manager 9.1:
For IBM Endpoint Manager 9.0:
For IBM Endpoint Manager 8.2: