SET LDAPUSER (Specify the user ID for the LDAP directory server)

Use this command to specify the ID of a user or account that can conduct IBM® Tivoli® Storage Manager administrative operations when it accesses the LDAP directory server. The user ID must have access to the base distinguished name (Base DN) on the LDAP directory server.

This command determines which ID issues administrative operations, such as resetting node passwords or entering user accounts, on the LDAP directory server. You must grant Base DN access to the LDAPUSER. The ID that is specified in the SET LDAPUSER command must be able to create, delete, and modify objects under the Base DN.

To change the LDAPUSER, reissue the SET LDAPUSER command.

Privilege class

To issue this command, you must have system privilege.

Syntax


>>-Set LDAPUser--ldap_user_dn----------------------------------><

Parameters

ldap_user_dn

Specifies the user DN that is used when the Tivoli Storage Manager server needs to issue administrative commands to the Tivoli Storage Manager name space on the LDAP directory server. If the user DN contains spaces or equal signs (=), enclose the entire DN in quotation marks. The maximum length of the DN is 256 characters.

Important: Enclose the user DN in single or double quotation marks.

If you do not know the DN when you enter the SET LDAPUSER command, contact your LDAP administrator. If you use Windows Active Directory, you can determine the DN by using one of the following methods:

Base your query on the name attribute: Issue the dsquery user -name tsmuser command.
Base your query on the user principal name (UPN): Issue the dsquery user -upn tsmuser@tsmdev.storage.us.ibm.com command.
Base your query on the SAM account name: Issue the dsquery user -samid tsmuser command.

Example: Specify the LDAPUSER

Issue the following SET LDAPUSER command to work with an LDAP Directory Server:

set ldapuser "uid=jackspratt,ou=users,o=ibm.com,c=us"

This command sets the user DN with a user ID (uid) of jackspratt, with organizational unit (ou) as users, organization (o) as ibm.com, and country (c) as the United States.

Issue the following SET LDAPUSER command to work with a Windows Active Directory server and other directory servers:

set ldapuser "cn=Jack Spratt,cn=users,dc=us,dc=ibm,dc=com"

This command sets the user DN with a common name (cn) of Jack Spratt and users, and a domain component (dc) of us, ibm, and com.

Related commands

Table 1. Commands related to SET LDAPUSER
Command	Description
AUDIT LDAPDIRECTORY	Audit an IBM Tivoli Storage Manager-controlled namespace on an LDAP directory server.
SET DEFAULTAUTHENTICATION	Specifies the default password authentication method for any REGISTER NODE or REGISTER ADMIN commands.
SET LDAPPASSWORD	Sets the password for the LDAPUSER.