IBM Tivoli Monitoring, Version 6.3 Fix Pack 2

LDAP user authentication using Microsoft Active Directory

Use these topics to assist you in setting up user authentication using Microsoft's LDAP-based Active Directory product.

These topics cover the steps that you must complete to incorporate LDAP as implemented in an Active Directory environment, while presenting the procedures from an Active Directory perspective. Two user scenarios (one illustrating monitoring server integration with Active Directory, the other portal server integration with Active Directory) are provided to show you how this process can help you implement Tivoli® Monitoring security in the working environment; see User scenarios.

This procedure uses the TEPS/e Web browser interface to complete the portal server configuration; see Using the TEPS/e administration console.

Note:
  1. Configuring the portal server to use an LDAP server to authenticate users has the advantage, that it allows user IDs longer than 10 characters, a limit that is imposed by monitoring server authentication. It also supports SSO (single sign-on), which monitoring server authentication does not.

    Only monitoring server-based user authentication allows user IDs to make SOAP Server requests or to issue CLI commands that invoke SOAP Server methods.

  2. The configuration procedures and steps for enabling IBM Tivoli Monitoring LDAP user authentication are the same for all LDAP implementations (Active Directory, Tivoli Directory Server, and so on), but the configuration values you specify will vary. These differences are due to the differences within the LDAP implementations themselves. The most pronounced differences are the syntax for Distinguished Names of objects within the directory. Additionally, the LDAP schema differences between LDAP implementations and any LDAP schema customizations will have a high impact on the LDAP user authentication configuration values provided.
  3. Although the scenarios in this set of topics assumes a Microsoft Active Directory version 2003 environment, these instructions and scenarios have also been verified using Active Directory Server 2008 and Active Directory Server 2008 R2.

The configuration uses all information that is provided to connect, bind, query, and filter records from a specified LDAP Base to the targeted LDAP user registry for user authentication. The configurations of the monitoring server and portal server LDAP user authentication are separate operations; these configurations (after completion) can be enabled and disabled independently. Do not consider that the steps for configuring the monitoring server's LDAP user authentication translates to the portal server's LDAP user authentication, nor vice versa.

Parent topic: Enabling user authentication

Feedback