Setting up an LDAP user registry

Information about users and groups is stored in a user registry. By default, the WebSphere® Application Server that is installed with Jazz® for Service Management and is used by IBM® Z Automation Web Console is configured to use a local file-based user repository.

Companies often use a central user registry that is based on the Lightweight Directory Access Protocol (LDAP) to manage users and groups company-wide and provide single sign-on to every service. Examples of LDAP servers:
  • IBM Tivoli® Directory Server
  • Resource Access Control Facility (RACF®)
  • Windows Server Active Directory
  • OpenLDAP

You can set up an LDAP server and create an LDAP user registry to use with IBM Z Automation Web Console. The WebSphere Application Server uses this registry for user authentication and the retrieval of information about users and groups to run security-related functions.

There are two different setup types:
Pre-defined
The LDAP user repository is configured in the WebSphere Application Server before the installation of IBM Z Automation Web Console.

The installer of IBM Z Automation Web Console can then use the configured LDAP repository for user creation and role assignments.

Post-defined
The LDAP user repository is configured in the WebSphere Application Server after the installation of IBM Z Automation Web Console.

If you reconfigure the user repository after you have installed IBM Z Automation Web Console, you must complete extra steps to port from a file-based repository to an LDAP user repository.