LDAP Profile: Service Information

Use this page to specify information about the Lightweight Directory Access Protocol (LDAP) service instance.

The LDAP service instance uses an agentless adapter based on IBM® Security Directory Integrator assembly lines. Complete the following fields to connect to the server where the service resides:

LDAP service

Service name
Specify a name that helps you identify the service instance. For example, you might include the host name of the computer on which the LDAP service instance runs.
Description
Specify additional information about the LDAP service instance.
Connection mode
This option is available only if the erconnectionmode attribute has been added to the service form. Specify whether to have the managed resource process account requests or to have the service act as a manual service.
Automated
Specifies to route account requests to a service provider. This selection is the default setting.
Manual
Specifies to route account requests to a specific user. Selecting Manual enables the Participants page, the Messages page, and a different Reconciliation page in the navigation area.
Tivoli Directory Integrator location
Optional: Specify the URL for the Security Directory Integrator instance. Valid syntax is rmi://ip-address:port/ITDIDispatcher, where ip-address is the Security Directory Integrator host and port is the port number for the RMI Dispatcher. For example, you might specify the URL as rmi://localhost:16231/ITDIDispatcher. Specify the value of localhost in the etc/hosts file.
Directory server location
Specify the location and port number of the LDAP Adapter. For IPv6 addresses, enter the address value in brackets. An example of a URL using IPv6 would be ldap://[address]:port number.
Use SSL communication with LDAP?
Select this check box to use secure communication with the LDAP service instance.
Administrator name
Specify the administrative user ID, such as cn=root, for the LDAP service instance. The name must be a distinguished name (DN).
Password
Specify the administrative password for the LDAP service instance. If password authentication is used, enter a value. Otherwise, reconciliation later fails.
Directory server name
Choose a directory server from the list.
Owner
Click Search to specify the existing user ID of the service owner that administers the LDAP service instance.

Click Clear to remove the currently specified user.

Service prerequisite
Click Search to specify an existing service instance or function that the LDAP service instance requires.

Click Clear to remove the currently specified service.

If a service has another service defined as a service prerequisite, a user can only receive a new account if they have an existing account on the service prerequisite.
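The following pre-flight check for the connection values described above is an added example, not part of the IBM documentation or product. The function name, parameter names and sample values are assumptions, and the DN test is a simplified shape check rather than a full parser.

```python
import ipaddress
import re

# Hypothetical helper: names here are labels for the form values, not product attributes.
# Assumption: the bracket rule the page gives for the directory URL is also applied
# to the RMI URL. Only the ldap:// form shown on the page is accepted.
RMI_URL = re.compile(r"^rmi://(\[[^\]]+\]|[^:/\[\]]+):(\d+)/ITDIDispatcher$")
LDAP_URL = re.compile(r"^ldap://(\[[^\]]+\]|[^:/\[\]]+):(\d+)/?$")
# Simplified DN shape: attr=value pairs separated by commas (escaped commas not handled).
DN = re.compile(r"^[A-Za-z][\w-]*=[^,=]+(,\s*[A-Za-z][\w-]*=[^,=]+)*$")


def _host_port_problems(label, match):
    """Check the bracketed-IPv6 rule and the port range for a matched URL."""
    problems = []
    host, port = match.group(1), int(match.group(2))
    if host.startswith("["):
        try:
            ipaddress.IPv6Address(host[1:-1])
        except ValueError:
            problems.append(f"{label}: text in brackets is not an IPv6 address")
    if not 1 <= port <= 65535:
        problems.append(f"{label}: port out of range")
    return problems


def check_service_form(tdi_location, directory_location, use_ssl, admin_name):
    """Return a list of problems; an empty list means the values look well formed."""
    problems = []
    if tdi_location:  # the field is optional
        m = RMI_URL.match(tdi_location)
        if m:
            problems += _host_port_problems("TDI location", m)
        else:
            problems.append("TDI location: expected rmi://ip-address:port/ITDIDispatcher")
    m = LDAP_URL.match(directory_location)
    if m:
        problems += _host_port_problems("Directory server location", m)
    else:
        problems.append("Directory server location: expected ldap://host:port, "
                        "with an IPv6 address in brackets")
    if not DN.match(admin_name):
        problems.append("Administrator name: not a distinguished name")
    if not use_ssl:
        problems.append("Use SSL: not selected, so the connection to the "
                        "directory is not protected by SSL")
    return problems
```

An unbracketed IPv6 address is rejected because the colons in the address cannot be told apart from the colon that introduces the port.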

Users and groups

User base DN
Specify the distinguished name (DN) of the container or base point where the users are stored.
RDN attribute
Specify the required relative distinguished name (RDN) attribute for the LDAP service instance.
Group base DN
Specify the DN of the container or base point where the groups are stored.
Initial group member
Specifies a DN used to create the LDAP group. It is prefilled with cn=TIM Adapter. Optionally, you can customize this initial group member.
Group object class name
Select the group object class, for example, GroupOfNames.
Group membership attribute
Select the group membership attribute, for example, member.
Use these buttons:
Test Connection
Click to test the connection to the service.
Finish
Click when you are finished with this task.