LDAP Profile: Service Information
Use this page to specify information about the Lightweight Directory Access Protocol (LDAP) service instance.
The LDAP service instance uses an agentless adapter based on IBM® Security Directory Integrator assembly lines. Complete the following fields to connect to the server where the service resides:
LDAP service
- Service name
- Specify a name that helps you identify the service instance. For example, you might include the host name of the computer on which the LDAP service instance runs.
- Description
- Specify additional information about the LDAP service instance.
- Connection mode
- This option is available only if the erconnectionmode attribute has been added to the service form. Specify whether to have the managed resource process account requests or to have the service act as a manual service.
- Automated
- Specifies to route account requests to a service provider. This selection is the default setting.
- Manual
- Specifies to route account requests to a specific user. Selecting Manual enables the Participants page, the Messages page, and a different Reconciliation page in the navigation area.
- Tivoli Directory Integrator location
- Optional: Specify the URL for the Security Directory Integrator instance. Valid syntax is rmi://ip-address:port/ITDIDispatcher, where ip-address is the Security Directory Integrator host and port is the port number for the RMI Dispatcher. For example, you might specify the URL as rmi://localhost:16231/ITDIDispatcher. Specify the value of localhost in the etc/hosts file.
- Directory server location
- Specify the location and port number of the LDAP Adapter. For IPv6 addresses, enter the address value in brackets. An example of a URL using IPv6 would be ldap://[address]:port number.
- Use SSL communication with LDAP?
- Select this check box to use secure communication with the LDAP service instance.
- Administrator name
- Specify the administrative user ID, such as cn=root, for the LDAP service instance. The name must be a distinguished name (DN).
- Password
- Specify the administrative password for the LDAP service instance. If password authentication is used, enter a value. Otherwise, reconciliation later fails.
- Directory server name
- Choose a directory server from the list.
- Owner
- Click Search to specify the existing user ID of the service owner that administers the LDAP service instance. Click Clear to remove the currently specified user.
- Service prerequisite
- Click Search to specify an existing service instance or function that the LDAP service instance requires. Click Clear to remove the currently specified service.
If a service has another service defined as a service prerequisite, a user can only receive a new account if they have an existing account on the service prerequisite.
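The connection fields above can be checked before the form is submitted. The following is an added example, not code from the product: a pre-flight check of the two URL syntaxes, the administrator DN, and the password and SSL settings. The dictionary key names are hypothetical, the DN test is a loose syntactic check, and only the ldap:// form shown on this page is accepted.

```python
import ipaddress
import re

# scheme://host:port[/path]; an IPv6 host must be in brackets.
_URL = re.compile(r"^(?P<scheme>[a-z]+)://(?:\[(?P<v6>[^\]]+)\]|(?P<host>[^:/\[\]]+))"
                  r":(?P<port>\d{1,5})(?P<path>/.*)?$")
# Loose syntactic check for one RDN (attribute=value), not a full RFC 4514 parser.
_RDN = re.compile(r"^\s*[A-Za-z][A-Za-z0-9.-]*\s*=\s*\S.*$")


def _parse(url, scheme):
    """Return (host, port, path), or None if url is not scheme://host:port[/path]."""
    m = _URL.match(url.strip())
    if not m or m["scheme"] != scheme or not 0 < int(m["port"]) < 65536:
        return None
    if m["v6"]:
        try:
            ipaddress.IPv6Address(m["v6"])
        except ValueError:
            return None
    return (m["v6"] or m["host"], int(m["port"]), m["path"] or "")


def check_service_form(form):
    """Return findings for a dict of form values; the key names are hypothetical."""
    findings = []
    tdi = form.get("tdi_location", "")
    if tdi:  # the field is optional
        parsed = _parse(tdi, "rmi")
        if not parsed or parsed[2] != "/ITDIDispatcher":
            findings.append("tdi_location: expected rmi://ip-address:port/ITDIDispatcher")
    if not _parse(form.get("directory_location", ""), "ldap"):
        findings.append("directory_location: expected ldap://host:port, IPv6 in brackets")
    rdns = re.split(r"(?<!\\),", form.get("admin_name", ""))
    if not all(_RDN.match(r) for r in rdns):
        findings.append("admin_name: must be a distinguished name such as cn=root")
    if not form.get("password"):
        findings.append("password: empty; reconciliation fails with password authentication")
    elif not form.get("use_ssl"):
        findings.append("use_ssl: off; bind credentials are not protected by SSL in transit")
    return findings


# Constructed sample values, not taken from a real deployment.
SAMPLE = {"tdi_location": "rmi://localhost:16231/ITDIDispatcher",
          "directory_location": "ldap://[2001:db8::10]:389",
          "admin_name": "cn=root", "password": "example-only", "use_ssl": True}
```

An empty list from check_service_form means every checked field matches the syntax described on this page.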
Users and groups
- User base DN
- Specify the distinguished name (DN) of the container or base point where the users are stored.
- RDN attribute
- Specify the required relative distinguished name (RDN) attribute for the LDAP service instance.
- Group base DN
- Specify the DN of the container or base point where the groups are stored.
- Initial group member
- Specifies a DN used to create the LDAP group. It is prefilled with cn=TIM Adapter. Optionally, you can customize this initial group member.
- Group object class name
- Select the group object class, for example GroupOfNames.
- Group membership attribute
- Select the group membership attribute, for example member.
Use these buttons:
- Test Connection
- Click to test the connection to the service.
- Finish
- Click when you are finished with this task.