IBM Security Access Manager for Enterprise Single Sign-On, Version 8.2

Preparing Active Directory Lightweight Directory Services on Windows

If you plan to use Active Directory Lightweight Directory Services as a user registry, prepare Active Directory Lightweight Directory Services so that it communicates with IBM® Security Access Manager for Enterprise Single Sign-On.

Active Directory Lightweight Directory Services (AD LDS), which was previously known as Active Directory Application Mode (ADAM), provides support for directory-enabled applications. Use the following high-level steps to prepare AD LDS or ADAM. For considerations on using a directory server with IBM Security Access Manager for Enterprise Single Sign-On, see the IBM Security Access Manager for Enterprise Single Sign-On Planning and Deployment Guide.

  1. Verify your deployment requirements for AD LDS or ADAM.

    For complete documentation on configuring ADAM or AD LDS, go to the Microsoft website at www.microsoft.com and search for "Active Directory Lightweight Directory Services overview".

    Note: By default, Active Directory Lightweight Directory Services on Windows Server 2008 or ADAM on Windows Server 2003 requires SSL to be enabled for password reset in AccessAssistant and Web Workplace.
  2. Optional: Create a designated IBM Security Access Manager for Enterprise Single Sign-On lookup user. For example: lookupusr.

    To support password resets, you can create an administrative user or a designated user with password reset privileges. For example: myresetuser.

    Ensure that the user account is:
    • Active and not set to be disabled.
    • Not set to expire.
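
An added example, not part of the IBM documentation: a Python check of the two account requirements above, run against an LDIF export of the lookup and reset users (for example, one produced with ldifde). It assumes the AD LDS instance records account state in msDS-UserAccountDisabled and accountExpires; the DNs and values in the sample are constructed.

```python
from datetime import datetime, timedelta, timezone

# accountExpires values that mean "never expires" in Active Directory.
NEVER = {0, 0x7FFFFFFFFFFFFFFF}
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

# Constructed sample LDIF export; DNs and values are illustrative only.
SAMPLE_LDIF = """\
dn: CN=lookupusr,OU=Service,O=example,C=US
msDS-UserAccountDisabled: FALSE
accountExpires: 9223372036854775807

dn: CN=myresetuser,OU=Service,O=example,C=US
msDS-UserAccountDisabled: TRUE
accountExpires: 131592384000000000
"""

def parse_ldif(text):
    """Split LDIF text into one {attribute: value} dict per entry.
    Simplification: comments and folded continuation lines are skipped."""
    entries = []
    for block in text.replace("\r\n", "\n").strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ": " not in line:
                continue
            name, value = line.split(": ", 1)
            entry[name.lower()] = value.strip()
        if entry:
            entries.append(entry)
    return entries

def account_problems(entry, now=None):
    """Return reasons the account fails the 'active, not set to expire' check."""
    now = now or datetime.now(timezone.utc)
    problems = []
    flag = entry.get("msds-useraccountdisabled", "missing").upper()
    if flag != "FALSE":
        problems.append("disabled" if flag == "TRUE" else "disabled flag not exported")
    # Assumption: an absent accountExpires is treated like 0 (never expires).
    raw = int(entry.get("accountexpires", "0"))
    if raw not in NEVER:
        # accountExpires is a FILETIME: 100-ns intervals since 1601-01-01 UTC.
        when = FILETIME_EPOCH + timedelta(microseconds=raw // 10)
        state = "expired" if when <= now else "set to expire"
        problems.append(f"{state} {when:%Y-%m-%d}")
    return problems

if __name__ == "__main__":
    for e in parse_ldif(SAMPLE_LDIF):
        print(e["dn"], account_problems(e) or "OK")
```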

