If the system where you plan to install the Performance Management server with a local DB2® server is using LDAP for user authentication, you must update itmuser and DB2 instance user passwords if they are configured in your directory service.
Before you begin
Although this procedure is generally applicable to any directory service and access protocol, the following steps cover an external directory service in use with LDAP. It is possible that your chosen directory service and access protocol are not recognized by DB2 and the Performance Management server installation software. In such a scenario, when you try to manage resources in this directory service, an error is returned because you are not authorized to complete these tasks. The steps that differ depending on directory service type are emphasized in this procedure but they are not documented.
About this task
Complete the following steps to:
- Update itmuser and DB2 instance user passwords if these passwords are configured in your external directory service that is being used with LDAP.
- Install a local DB2 server for use with LDAP for user authentication.
Note: The Performance Management server installation does not configure the local DB2 server to use the LDAP security plug-in. After you install the Performance Management server, you must configure the LDAP security plug-in on the local DB2 server.
Procedure
- Check which of the following user names are defined in your LDAP directory:
  - itmuser
  - db2apm
  - db2fenc1
  - dasusr1
- For each of the users that you identified in step 1, enter the following command and save the output for later reference.
id user_name
where user_name is itmuser, db2apm, db2fenc1, or dasusr1. See the following sample output:
# id itmuser
uid=1188800003(itmuser) gid=1188800003(itmuser) groups=1188800003(itmuser)
# id db2apm
uid=1188800004(db2apm) gid=1188800004(db2apm) groups=1188800004(db2apm)
# id db2fenc1
uid=1188800005(db2fenc1) gid=1188800005(db2fenc1) groups=1188800005(db2fenc1)
# id dasusr1
uid=1188800006(dasusr1) gid=1188800006(dasusr1) groups=1188800006(dasusr1)
Important: The message id: <username>: No such user indicates that the user is not defined in the LDAP directory and must be omitted from later steps.
- Disable the LDAP authentication service by entering the following command:
service sssd stop
The command to run for this step might differ depending on your chosen directory service.
- Perform an SSSD cache cleanup for the users that you identified in step 1. For example:
sss_cache -u itmuser
sss_cache -u db2apm
sss_cache -u db2fenc1
sss_cache -u dasusr1
This step might differ depending on your chosen directory service.
- Create new groups and users on your local system for the users that you identified in step 1. Reuse the group names and group IDs, and user names and user IDs from the output of the id command in step 2. Use the same passwords that were specified in the LDAP directory.
groupadd -g 1188800003 itmuser
useradd -u 1188800003 -g 1188800003 itmuser
passwd itmuser
groupadd -g 1188800004 db2apm
useradd -u 1188800004 -g 1188800004 db2apm
passwd db2apm
groupadd -g 1188800005 db2fenc1
useradd -u 1188800005 -g 1188800005 db2fenc1
passwd db2fenc1
groupadd -g 1188800006 dasusr1
useradd -u 1188800006 -g 1188800006 dasusr1
passwd dasusr1
- Update the passwords in the install_image/install.properties file for the users that you identified in step 1. Use the same passwords that were specified in the LDAP directory. For example:
db2apm.password=db2Usrpasswd@08
itmuser.password=db2Usrpasswd@08
db2fenc1.password=db2Usrpasswd@08
dasusr1.password=db2Usrpasswd@08
- Update the group names in the install_image/files/db2wse.rsp file for the users that you identified in step 1. No property exists for the itmuser user.
  - Update the apm.GROUP_NAME property with the name of the primary group of the db2apm user. For example: apm.GROUP_NAME = db2apm
  - Update the apm.FENCED_GROUP_NAME property with the name of the primary group of the db2fenc1 user. For example: apm.FENCED_GROUP_NAME = db2fenc1
  - Update the DAS_GROUP_NAME property with the name of the primary group of the dasusr1 user. For example: DAS_GROUP_NAME = dasusr1
- Enable the LDAP authentication service by entering the following command:
service sssd start
The command to run for this step might differ depending on your chosen directory service.
- Install the Performance Management server and choose the option to install the default DB2 server. For instructions, see Downloading and installing the server.
- Configure the LDAP security plug-in on the local DB2 server. For instructions, see LDAP-based authentication and group lookup support. This step might differ depending on your chosen directory service.
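The bookkeeping in steps 2 and 5, as an added shell example that is not part of the product documentation or the product's own code: it turns the saved id output into the groupadd, useradd and passwd commands, then checks that the local accounts carry the same UID and primary GID as the LDAP entries. The function names and the embedded sample input are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not product code). Function names are hypothetical.

# Constructed sample of the output saved in step 2: two users in LDAP, one not.
sample_id_output() {
    cat <<'EOF'
uid=1188800003(itmuser) gid=1188800003(itmuser) groups=1188800003(itmuser)
uid=1188800004(db2apm) gid=1188800004(db2apm) groups=1188800004(db2apm)
id: dasusr1: No such user
EOF
}

# Reduce each id line to "uid user gid group". "No such user" lines do not
# match the pattern and are dropped, so those users are omitted from later steps.
parse_saved_ids() {
    sed -n 's/^uid=\([0-9]\{1,\}\)(\([^)]*\)) gid=\([0-9]\{1,\}\)(\([^)]*\)).*/\1 \2 \3 \4/p'
}

# Print the step 5 commands for review; nothing is executed here.
gen_local_accounts() {
    parse_saved_ids | while read -r uid user gid group; do
        case "$user" in
            itmuser|db2apm|db2fenc1|dasusr1) ;;
            *) continue ;;   # ignore accounts outside this procedure
        esac
        printf 'groupadd -g %s %s\n' "$gid" "$group"
        printf 'useradd -u %s -g %s %s\n' "$uid" "$gid" "$user"
        printf 'passwd %s\n' "$user"
    done
}

# After step 5: confirm that each saved user exists in a passwd-format file
# (default /etc/passwd) with the same UID and primary GID that LDAP reported.
# Prints one MISMATCH line per problem and returns non-zero if any is found.
check_local_accounts() {
    parse_saved_ids < "$1" | awk -v pw="${2:-/etc/passwd}" '
        BEGIN { while ((getline l < pw) > 0) { split(l, f, ":"); ids[f[1]] = f[3] " " f[4] } }
        { if (ids[$2] != $1 " " $3) { print "MISMATCH " $2; bad = 1 } }
        END { exit bad + 0 }'
}

# Show the generated commands for the constructed sample.
sample_id_output | gen_local_accounts
```

Run check_local_accounts against the file that holds the saved id output while the LDAP authentication service is still stopped, so that only the local account database is being compared.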
Results
The Performance Management server is installed on a system where LDAP is used for user authentication and a local DB2 server is used.
What to do next
Verify that data from your agents is displaying in the Performance Management console. If you are not logged in, follow the instructions in Starting the Performance Management console.